| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 14 Nov 2020 05:56:51 +0200
From: Grygorii Strashko <grygorii.strashko@...com>
To: "David S. Miller" <davem@...emloft.net>, <netdev@...r.kernel.org>,
Jakub Kicinski <kuba@...nel.org>,
Vignesh Raghavendra <vigneshr@...com>
CC: Sekhar Nori <nsekhar@...com>, <linux-kernel@...r.kernel.org>,
<linux-omap@...r.kernel.org>, Tony Lindgren <tony@...mide.com>,
Grygorii Strashko <grygorii.strashko@...com>
Subject: [PATCH net-next 0/3] net: ethernet: ti: cpsw: enable broadcast/multicast rate limit support
Hi
This series first adds supports for the ALE feature to rate limit number ingress
broadcast(BC)/multicast(MC) packets per/sec which main purpose is BC/MC storm
prevention.
And then enables corresponding support for ingress broadcast(BC)/multicast(MC)
rate limiting for TI CPSW switchdev and AM65x/J221E CPSW_NUSS drivers by
implementing HW offload for simple tc-flower policer with matches on dst_mac:
- ff:ff:ff:ff:ff:ff has to be used for BC rate limiting
- 01:00:00:00:00:00 fixed value has to be used for MC rate limiting
Hence tc policer defines rate limit in terms of bits per second, but the
ALE supports limiting in terms of packets per second - the rate limit
bits/sec is converted to number of packets per second assuming minimum
Ethernet packet size ETH_ZLEN=60 bytes.
The solution inspired patch from Vladimir Oltean [1].
Examples:
- BC rate limit to 1000pps:
tc qdisc add dev eth0 clsact
tc filter add dev eth0 ingress flower skip_sw dst_mac ff:ff:ff:ff:ff:ff \
action police rate 480kbit burst 64k
rate 480kbit - 1000pps * 60 bytes * 8, burst - not used.
- MC rate limit to 20000pps:
tc qdisc add dev eth0 clsact
tc filter add dev eth0 ingress flower skip_sw dst_mac 01:00:00:00:00:00 \
action police rate 9600kbit burst 64k
rate 9600kbit - 20000pps * 60 bytes * 8, burst - not used.
- show: tc filter show dev eth0 ingress
filter protocol all pref 49151 flower chain 0
filter protocol all pref 49151 flower chain 0 handle 0x1
dst_mac ff:ff:ff:ff:ff:ff
skip_sw
in_hw in_hw_count 1
action order 1: police 0x2 rate 480Kbit burst 64Kb mtu 2Kb action reclassify overhead 0b
ref 1 bind 1
filter protocol all pref 49152 flower chain 0
filter protocol all pref 49152 flower chain 0 handle 0x1
dst_mac 01:00:00:00:00:00
skip_sw
in_hw in_hw_count 1
action order 1: police 0x1 rate 9600Kbit burst 64Kb mtu 2Kb action reclassify overhead 0b
ref 1 bind
Testing MC with iperf:
- client
-- setup tc-flower as per above
route add -host 239.255.1.3 eth0
iperf -s -B 239.255.1.3 -u -f m &
cat /sys/class/net/eth0/statistics/rx_packets
- server
route add -host 239.255.1.3 eth0
iperf -c 239.255.1.3 -u -f m -i 5 -t 30 -l1472 -b121760000 -t1 //~10000pps
[1] https://lore.kernel.org/patchwork/patch/1217254/
Grygorii Strashko (3):
drivers: net: cpsw: ale: add broadcast/multicast rate limit support
net: ethernet: ti: cpsw_new: enable broadcast/multicast rate limit
support
net: ethernet: ti: am65-cpsw: enable broadcast/multicast rate limit
support
drivers/net/ethernet/ti/am65-cpsw-qos.c | 148 ++++++++++++++++++++
drivers/net/ethernet/ti/am65-cpsw-qos.h | 8 ++
drivers/net/ethernet/ti/cpsw_ale.c | 66 +++++++++
drivers/net/ethernet/ti/cpsw_ale.h | 2 +
drivers/net/ethernet/ti/cpsw_new.c | 4 +-
drivers/net/ethernet/ti/cpsw_priv.c | 171 ++++++++++++++++++++++++
drivers/net/ethernet/ti/cpsw_priv.h | 8 ++
7 files changed, 406 insertions(+), 1 deletion(-)
--
2.17.1
Powered by blists - more mailing lists