lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri,  6 Mar 2020 20:55:58 +0800
From:   Po Liu <Po.Liu@....com>
To:     davem@...emloft.net, linux-kernel@...r.kernel.org,
        netdev@...r.kernel.org
Cc:     vinicius.gomes@...el.com, po.liu@....com, claudiu.manoil@....com,
        vladimir.oltean@....com, alexandru.marginean@....com,
        xiaoliang.yang_1@....com, roy.zang@....com, mingkai.hu@....com,
        jerry.huang@....com, leoyang.li@....com, michael.chan@...adcom.com,
        vishal@...lsio.com, saeedm@...lanox.com, leon@...nel.org,
        jiri@...lanox.com, idosch@...lanox.com,
        alexandre.belloni@...tlin.com, UNGLinuxDriver@...rochip.com,
        kuba@...nel.org, jhs@...atatu.com, xiyou.wangcong@...il.com,
        john.hurley@...ronome.com, simon.horman@...ronome.com,
        pieter.jansenvanvuuren@...ronome.com, pablo@...filter.org,
        moshe@...lanox.com, ivan.khoronzhuk@...aro.org,
        m-karicheri2@...com, andre.guedes@...ux.intel.com,
        jakub.kicinski@...ronome.com, Po Liu <Po.Liu@....com>
Subject: [RFC,net-next  0/9] Introduce a flow gate control action and apply IEEE

This patch set is trying to intruduce a way to add tc flower offload
for the enetc IEEE 802.1Qci (PSFP) function. There are four main feature
parts in PSFP to implement the flow policing and filtering for ingress
flow with IEEE 802.1Qci features. They are stream identify(this is defined
in the P802.1cb exactly but needed by 802.1Qci), stream filtering, stream
gate and flow metering.

The stream gate function is the important part in the features. But
there is no compare actions in the qdisc filter part. The second patch
introduce a ingress frame gate control flow action. tc create a gate
action would provide a gate list to control class open/close state. when
the gate open state, the flow could pass but not when gate state is
close. The driver would repeat the gate list periodic. User also could
assign a time point to start the gate list by the basetime parameter. if
the basetime has passed current time, start time would calculate by the
cycletime of the gate list. And it is introduce a software simulator
gate control method.

The first patch is fix a flow offload can't provide dropped frame count
number issue. This would be used for getting the hardware offload dropped
frame.

The third patch is to adding the gate flow offloading.

The fourth patch is to add tc offload command in enetc. This is to
control the on/off for the tc flower offloading.

Now the enetc driver would got the gate control list and filter mac
address etc. So enetc would collected the parameters and create the
stream identify entry and stream gate control entry. Then driver would
create a stream filter entry by these inputs. Driver would maintain the
flow chain list. The fifth patch implement the stream gate and stream
filter and stream identify functions in driver by the tc flower actions
and tc filter parameters.

The sixth patch extend the police action with max frame size parameter.
This patch prepare for the PSFP per stream filtering by the frame size
policing.

The seventh patch add the max frame size policing into the stream
filtering function.

The eighth patch extend the police action with action index to the
driver. So driver could know which hardware entry to police the rate and
burst size.

The ninth patch add flow metering function in driver for the
IEEE802.1Qci with the police action 'index'/'burst'/'rate_bytes_ps'.

The iproute2 test patch need to upload to:

git://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git

There are some works still need to improve and I'd like your feedback:
- The gate action software simulator need to add admin/oper state
machine. This state machine would keep the previous operation gate list
before the new admin gate list start time arrived. Does it required for
admin/oper in software implement?

- More PSFP flow metering parameters. flow metering is an optional function
for a specific filter chain. Add more parameters this part would make
the flow metering more completely. Flow metering privde a two rate (CIR,
EIR) and two buckets (CBS, EBS) and mark flow three color(green,
yellow, red). Current tc flower offload only provide "burst" and
"rate_bytes_ps" in police action for driver. This patch set using these
two parameters to set one bucket and one rate. Each flow metering entry
own two sets buckets and two rate police. So the second rate/burst keep
disable.

Po Liu (9):
  net: qos offload add flow status with dropped count
  net: qos: introduce a gate control flow action
  net: schedule: add action gate offloading
  net: enetc: add hw tc hw offload features for PSPF capability
  net: enetc: add tc flower psfp offload driver
  net: qos: add tc police offloading action with max frame size limit
  net: enetc: add support max frame size for tc flower offload
  net: qos: police action add index for tc flower offloading
  net: enetc add tc flower offload flow metering policing action

 drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c  |    2 +-
 .../ethernet/chelsio/cxgb4/cxgb4_tc_flower.c  |    2 +-
 .../chelsio/cxgb4/cxgb4_tc_matchall.c         |    2 +-
 drivers/net/ethernet/freescale/enetc/enetc.c  |   34 +-
 drivers/net/ethernet/freescale/enetc/enetc.h  |   86 ++
 .../net/ethernet/freescale/enetc/enetc_hw.h   |  183 +++
 .../net/ethernet/freescale/enetc/enetc_pf.c   |    6 +
 .../net/ethernet/freescale/enetc/enetc_qos.c  | 1228 ++++++++++++++++-
 .../net/ethernet/mellanox/mlx5/core/en_tc.c   |    4 +-
 .../ethernet/mellanox/mlxsw/spectrum_flower.c |    2 +-
 drivers/net/ethernet/mscc/ocelot_flower.c     |    2 +-
 .../ethernet/netronome/nfp/flower/offload.c   |    2 +-
 .../ethernet/netronome/nfp/flower/qos_conf.c  |    2 +-
 include/net/act_api.h                         |   11 +-
 include/net/flow_offload.h                    |   17 +-
 include/net/pkt_cls.h                         |    5 +-
 include/net/tc_act/tc_gate.h                  |  169 +++
 include/net/tc_act/tc_police.h                |   10 +
 include/uapi/linux/pkt_cls.h                  |    1 +
 include/uapi/linux/tc_act/tc_gate.h           |   47 +
 net/sched/Kconfig                             |   15 +
 net/sched/Makefile                            |    1 +
 net/sched/act_api.c                           |   12 +-
 net/sched/act_ct.c                            |    6 +-
 net/sched/act_gact.c                          |    7 +-
 net/sched/act_gate.c                          |  645 +++++++++
 net/sched/act_mirred.c                        |    6 +-
 net/sched/act_police.c                        |    6 +-
 net/sched/act_vlan.c                          |    6 +-
 net/sched/cls_api.c                           |   35 +
 net/sched/cls_flower.c                        |    3 +-
 net/sched/cls_matchall.c                      |    3 +-
 32 files changed, 2515 insertions(+), 45 deletions(-)
 create mode 100644 include/net/tc_act/tc_gate.h
 create mode 100644 include/uapi/linux/tc_act/tc_gate.h
 create mode 100644 net/sched/act_gate.c

-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ