Date:   Wed, 28 Sep 2016 14:42:50 +0200
From:   Simon Horman <simon.horman@...ronome.com>
To:     netdev@...r.kernel.org, dev@...nvswitch.org
Cc:     Simon Horman <simon.horman@...ronome.com>
Subject: [PATCH/RFC 00/12] Programming Open vSwitch (-like) flows into hardware using SwitchDev

This series provides a prototype of programming Open vSwitch (-like) flows
into hardware using SwitchDev. It is a rework of an approach which I
previously posted in 2014. And Netronome has been using it in real-world
products for some time now.

Since that time upstream support for offloading flows evolved somewhat as
we can see in both the provision for TC to offload classifiers to hardware
and evolution of eBPF. And with Netdev 1.2 approaching it seems timely
to revisit this approach.

In this approach flows are programmed into hardware by the kernel and
the user provided by this patchset is the Open vSwitch kernel datapath.
By default the implementation tries to program flows into hardware and
software but only fails if the latter is not successful.

A netlink attribute, OVS_FLOW_ATTR_HW_STATUS, is provided to allow
user-space to determine if a flow was programmed into hardware or not.

User-space may ask for a flow to not be programmed into hardware using
OVS_FLOW_HW_REQ_SKIP_HW. There is also scope to skip adding flows into
software - that is only program them into hardware but that is not
implemented at this time.

This should allow existing users of that datapath, including but not
limited to the Open vSwitch user-space, to use these offloads with little
or no modification.

SwitchDev was chosen for this implementation as it already provides
offload of FDB and FIB entries, which are to some extent flows. So overall
the approach taken here is to add a new type of flow to SwitchDev.
Other options include NDOs and calling into TC, neither of which
I have prototyped but both of which seem entirely reasonable to me.


This prototype consists of three parts:
* Updates to SwitchDev to add support for a new flow object
* Implementation of support for the new flow object in Rocker and
  its OF-DPA world.
  - This is to provide a working example, in practice OF-DPA seems
    extremely limited in terms of its capacity to offload
    Open vSwitch (-like) flows
* Updates to the Open vSwitch datapath to use the new SwitchDev flow
  objects

There are also minor enhancements to the Qemu implementation of rocker
to add byte and idle-time statistics to OF-DPA flows. This moves the
implementation out of the scope of OF-DPA but were the best mechanism
I came up with to exercise this approach.

They are here: https://github.com/horms/qemu rocker-stats-20160926

No changes to the Open vSwitch user-space are required to exercise this
code.


A different approach, not implemented by this patch-set, is for user-space
to program flows into hardware by some other means, for example TC, and/or
the (kernel) datapath. I believe that approach does not conflict with this
one. And there is some scope to share infrastructure in the kernel.


Simon Horman (12):
  sw_flow: make struct sw_flow_key available outside of net/openvswitch/
  switchdev: Add Open vSwitch (-like) flow object support
  switchdev: Add support for getting port object details
  rocker: Add Open vSwitch (-like) flow support
  rocker: Support Open vSwitch (-like) flow stats
  rocker: Add helper to check ports belong to the same rocker switch
  rocker: switchdev Add Open vSwitch (-like) flow support to OF-DPA
    world
  rocker: Support Open vSwitch (-like) flow stats in OF-DPA world
  openvswitch: Add key_attrs to struct sw_flow_match
  openvswitch: make get_dp_rcu() available outside datapath.c
  openvswitch: Support programming of flows into hardware
  hack: rocker: no ip frag match

 drivers/net/ethernet/rocker/rocker.h       |  11 +
 drivers/net/ethernet/rocker/rocker_hw.h    |   4 +
 drivers/net/ethernet/rocker/rocker_main.c  |  75 +++++++
 drivers/net/ethernet/rocker/rocker_ofdpa.c | 350 ++++++++++++++++++++++++++++-
 include/linux/sw_flow.h                    | 100 +++++++++
 include/net/switchdev.h                    |  74 ++++++
 include/uapi/linux/openvswitch.h           |  36 +++
 net/openvswitch/datapath.c                 |  77 ++++++-
 net/openvswitch/datapath.h                 |   2 +
 net/openvswitch/flow.c                     | 173 ++++++++++++++
 net/openvswitch/flow.h                     | 135 +++++------
 net/openvswitch/flow_netlink.c             |  56 ++++-
 net/openvswitch/flow_netlink.h             |   3 +
 net/openvswitch/vport-netdev.c             |  39 ++++
 net/switchdev/switchdev.c                  | 119 ++++++++++
 15 files changed, 1165 insertions(+), 89 deletions(-)
 create mode 100644 include/linux/sw_flow.h

-- 
2.7.0.rc3.207.g0ac5344
