lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 23 Jun 2020 23:52:40 +0000
From:   Po Liu <po.liu@....com>
To:     Jamal Hadi Salim <jhs@...atatu.com>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "idosch@...sch.org" <idosch@...sch.org>
CC:     "jiri@...nulli.us" <jiri@...nulli.us>,
        "vinicius.gomes@...el.com" <vinicius.gomes@...el.com>,
        "vlad@...lov.dev" <vlad@...lov.dev>,
        Claudiu Manoil <claudiu.manoil@....com>,
        Vladimir Oltean <vladimir.oltean@....com>,
        Alexandru Marginean <alexandru.marginean@....com>,
        "michael.chan@...adcom.com" <michael.chan@...adcom.com>,
        "vishal@...lsio.com" <vishal@...lsio.com>,
        "saeedm@...lanox.com" <saeedm@...lanox.com>,
        "leon@...nel.org" <leon@...nel.org>,
        "jiri@...lanox.com" <jiri@...lanox.com>,
        "idosch@...lanox.com" <idosch@...lanox.com>,
        "alexandre.belloni@...tlin.com" <alexandre.belloni@...tlin.com>,
        "UNGLinuxDriver@...rochip.com" <UNGLinuxDriver@...rochip.com>,
        "kuba@...nel.org" <kuba@...nel.org>,
        "xiyou.wangcong@...il.com" <xiyou.wangcong@...il.com>,
        "simon.horman@...ronome.com" <simon.horman@...ronome.com>,
        "pablo@...filter.org" <pablo@...filter.org>,
        "moshe@...lanox.com" <moshe@...lanox.com>,
        "m-karicheri2@...com" <m-karicheri2@...com>,
        "andre.guedes@...ux.intel.com" <andre.guedes@...ux.intel.com>,
        "stephen@...workplumber.org" <stephen@...workplumber.org>,
        Edward Cree <ecree@...arflare.com>
Subject: RE:  Re: [v1,net-next 3/4] net: qos: police action add index for tc
 flower offloading

Hi Jamal,


> -----Original Message-----
> From: Jamal Hadi Salim <jhs@...atatu.com>
> Sent: 2020年6月23日 20:18
> To: Po Liu <po.liu@....com>; davem@...emloft.net; linux-
> kernel@...r.kernel.org; netdev@...r.kernel.org; idosch@...sch.org
> Cc: jiri@...nulli.us; vinicius.gomes@...el.com; vlad@...lov.dev; Claudiu
> Manoil <claudiu.manoil@....com>; Vladimir Oltean
> <vladimir.oltean@....com>; Alexandru Marginean
> <alexandru.marginean@....com>; michael.chan@...adcom.com;
> vishal@...lsio.com; saeedm@...lanox.com; leon@...nel.org;
> jiri@...lanox.com; idosch@...lanox.com;
> alexandre.belloni@...tlin.com; UNGLinuxDriver@...rochip.com;
> kuba@...nel.org; xiyou.wangcong@...il.com;
> simon.horman@...ronome.com; pablo@...filter.org;
> moshe@...lanox.com; m-karicheri2@...com;
> andre.guedes@...ux.intel.com; stephen@...workplumber.org; Edward
> Cree <ecree@...arflare.com>
> Subject: Re: [v1,net-next 3/4] net: qos: police action add index for tc
> flower offloading
> 
> On 2020-06-23 7:55 a.m., Po Liu wrote:
> 
> 
> [..]
> >> My question: Is this any different from how stats are structured?
> >
> > I don't know I fully catch the question. Are you trying to get how many
> frames for each filter chain passing one index policing action?
> > If one index police action bind to multiple tc filter(they should have
> differnt chain index ). All those filter should get same index police action
> stats value since they are sharing the same hardware entry. But I don't
> think this is the problem.
> >
> 
> This is a good thing. What is nice is i can use the same index for s/w and
> h/w (and no need for a translation/remapping).
> 
> > With index provide to device driver(map the s/w action index to a h/w
> table index ), user could list the police actions list by command:
> > # tc actions show action police
> > Shows the police action table by index.
> 
> This is also nice.
> 
> My question: Why cant you apply the same semantics for the counters?
> Does your hardware have an indexed counter/stats table? If yes then you

Yes,  but I think tc flower can only care about the  counters of that chain. And action police care about how many frames for each police entry.

> should be able to do similar thing for counters as you do for policer (i.e
> use an index and share counters across actions). So when i say:
> tc action drop index 5

Do you mean something like "tc xxx flower action police index 5 drop"  since '' tc action drop index 5" is not a proper command? (there is 'action drop'  follow the tc filter command but not with index assigned). 

> and
> tc action ok index 5
> infact they use the same counter.

Maybe you are saying if action police follow with 'CONTROL' (reclassify | pipe | drop | continue | ok)  when offloading to hardware. With different 'CONTROL', the hardware counter won't changed since hardware never known what the 'CONTROL' is. This is still software part and will do at software part(although software seems not deal with this, I also suggest to after offloading should back to tcf_police_act() continue the action). 

When set to be offloading mode, the counters only showing the hardware counters(even different vendor could set different counter register.). But I don't think the index offloading could break anything.

> 
> 
> cheers,
> jamal


Br,
Po Liu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ