| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 29 Mar 2024 09:25:35 +0100
From: Michal Swiatkowski <michal.swiatkowski@...ux.intel.com>
To: "Buvaneswaran, Sujai" <sujai.buvaneswaran@...el.com>
Cc: "intel-wired-lan@...ts.osuosl.org" <intel-wired-lan@...ts.osuosl.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
Marcin Szycik <marcin.szycik@...ux.intel.com>,
"Kubiak, Michal" <michal.kubiak@...el.com>
Subject: Re: [Intel-wired-lan] [iwl-net v1] ice: tc: do default match on all
profiles
On Mon, Mar 25, 2024 at 06:36:56AM +0000, Buvaneswaran, Sujai wrote:
> > -----Original Message-----
> > From: Intel-wired-lan <intel-wired-lan-bounces@...osl.org> On Behalf Of
> > Michal Swiatkowski
> > Sent: Tuesday, March 12, 2024 4:23 PM
> > To: intel-wired-lan@...ts.osuosl.org
> > Cc: netdev@...r.kernel.org; Marcin Szycik <marcin.szycik@...ux.intel.com>;
> > Kubiak, Michal <michal.kubiak@...el.com>; Michal Swiatkowski
> > <michal.swiatkowski@...ux.intel.com>
> > Subject: [Intel-wired-lan] [iwl-net v1] ice: tc: do default match on all profiles
> >
> > A simple non-tunnel rule (e.g. matching only on destination MAC) in
> > hardware will be hit only if the packet isn't a tunnel. In software execution of
> > the same command, the rule will match both tunnel and non-tunnel packets.
> >
> > Change the hardware behaviour to match tunnel and non-tunnel packets in
> > this case. Do this by considering all profiles when adding non-tunnel rule
> > (rule not added on tunnel, or not redirecting to tunnel).
> >
> > Example command:
> > tc filter add dev pf0 ingress protocol ip flower skip_sw action mirred \
> > egress redirect dev pr0
> >
> > It should match also tunneled packets, the same as command with skip_hw
> > will do in software.
> >
> > Fixes: 9e300987d4a8 ("ice: VXLAN and Geneve TC support")
> > Reviewed-by: Marcin Szycik <marcin.szycik@...ux.intel.com>
> > Reviewed-by: Michal Kubiak <michal.kubiak@...el.com>
> > Signed-off-by: Michal Swiatkowski <michal.swiatkowski@...ux.intel.com>
> > ---
> > v1 --> v2:
> > * fix commit message sugested by Marcin
> > ---
> > drivers/net/ethernet/intel/ice/ice_tc_lib.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> Hi,
>
> We are seeing error while adding HW tc rules on PF with the latest net-queue patches. This issue is blocking the validation of latest net-queue Switchdev patches.
>
> + tc filter add dev ens5f0np0 ingress protocol ip prio 1 flower src_mac b4:96:91:9f:65:58 dst_mac 52:54:00:00:16:01 skip_sw action mirred egress redirect dev eth0
> Error: ice: Unable to add filter due to error.
> We have an error talking to the kernel
> + tc filter add dev ens5f0np0 ingress protocol ip prio 1 flower src_mac b4:96:91:9f:65:58 dst_mac 52:54:00:00:16:02 skip_sw action mirred egress redirect dev eth1
> Error: ice: Unable to add filter due to error.
> We have an error talking to the kernel
Hi,
The same command is working fine on my setup. I suspect that it isn't
related to this patch. The change is only in command validation, there
is no functional changes here that can cause error during adding filters
which previously was working fine.
Can you share more information about the setup? It was the first filter
added on the PF? Did you do sth else before checking tc?
Thanks,
Michal
>
> Thanks,
> Sujai B
Powered by blists - more mailing lists