Wed, Sep 27, 2017 at 05:27:29PM CEST, jb...@redhat.com wrote: >On Wed, 27 Sep 2017 14:55:09 +0200, Jiri Pirko wrote: >> So where do you attach the tc filter instead of eth0? vxlan0? > >Yes, vxlan0. I'm pasting the example from earlier in this thread again: > >This will match: > >ip link add vxlan0 type vxlan dstport 4789 dev eth0 external >ip link set dev vxlan0 up >tc qdisc add dev vxlan0 ingress >ethtool -K eth0 hw-tc-offload on >tc filter add dev vxlan0 protocol ip parent ffff: flower enc_key_id 102 \ > enc_dst_port 4789 src_ip 3.4.5.6 skip_sw action [...] > >while this must NOT match: > >ip link add vxlan0 type vxlan dstport 4789 dev eth0 external >ip link set dev vxlan0 up >tc qdisc add dev eth0 ingress >ethtool -K eth0 hw-tc-offload on >tc filter add dev eth0 protocol ip parent ffff: flower enc_key_id 102 \ > enc_dst_port 4789 src_ip 3.4.5.6 skip_sw action [...]
Right. Driver of eth0 should get ndo_setup_tc calls for vxlan0. Similar thing will be needed for bonding/team. I'm taking this into considaration for my sharedblock patchset. Work in progress: https://github.com/jpirko/linux_mlxsw/commits/jiri_devel_shblock Basically the eth0 driver will register a callback function that would be called whenever filter is added/deleted on vxlan0
