lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20201114035654.32658-1-grygorii.strashko@ti.com>
Date:   Sat, 14 Nov 2020 05:56:51 +0200
From:   Grygorii Strashko <grygorii.strashko@...com>
To:     "David S. Miller" <davem@...emloft.net>, <netdev@...r.kernel.org>,
        Jakub Kicinski <kuba@...nel.org>,
        Vignesh Raghavendra <vigneshr@...com>
CC:     Sekhar Nori <nsekhar@...com>, <linux-kernel@...r.kernel.org>,
        <linux-omap@...r.kernel.org>, Tony Lindgren <tony@...mide.com>,
        Grygorii Strashko <grygorii.strashko@...com>
Subject: [PATCH net-next 0/3] net: ethernet: ti: cpsw: enable broadcast/multicast rate limit support

Hi

This series first adds supports for the ALE feature to rate limit number ingress
broadcast(BC)/multicast(MC) packets per/sec which main purpose is BC/MC storm
prevention.

And then enables corresponding support for ingress broadcast(BC)/multicast(MC)
rate limiting for TI CPSW switchdev and AM65x/J221E CPSW_NUSS drivers by
implementing HW offload for simple tc-flower policer with matches on dst_mac:
 - ff:ff:ff:ff:ff:ff has to be used for BC rate limiting
 - 01:00:00:00:00:00 fixed value has to be used for MC rate limiting

Hence tc policer defines rate limit in terms of bits per second, but the
ALE supports limiting in terms of packets per second - the rate limit
bits/sec is converted to number of packets per second assuming minimum
Ethernet packet size ETH_ZLEN=60 bytes.

The solution inspired patch from Vladimir Oltean [1].

Examples:
- BC rate limit to 1000pps:
  tc qdisc add dev eth0 clsact
  tc filter add dev eth0 ingress flower skip_sw dst_mac ff:ff:ff:ff:ff:ff \
  action police rate 480kbit burst 64k

  rate 480kbit - 1000pps * 60 bytes * 8, burst - not used.

- MC rate limit to 20000pps:
  tc qdisc add dev eth0 clsact
  tc filter add dev eth0 ingress flower skip_sw dst_mac 01:00:00:00:00:00 \
  action police rate 9600kbit burst 64k

  rate 9600kbit - 20000pps * 60 bytes * 8, burst - not used.

- show: tc filter show dev eth0 ingress
filter protocol all pref 49151 flower chain 0
filter protocol all pref 49151 flower chain 0 handle 0x1
  dst_mac ff:ff:ff:ff:ff:ff
  skip_sw
  in_hw in_hw_count 1
        action order 1:  police 0x2 rate 480Kbit burst 64Kb mtu 2Kb action reclassify overhead 0b
        ref 1 bind 1

filter protocol all pref 49152 flower chain 0
filter protocol all pref 49152 flower chain 0 handle 0x1
  dst_mac 01:00:00:00:00:00
  skip_sw
  in_hw in_hw_count 1
        action order 1:  police 0x1 rate 9600Kbit burst 64Kb mtu 2Kb action reclassify overhead 0b
        ref 1 bind

Testing MC with iperf:
- client
  -- setup tc-flower as per above
  route add -host 239.255.1.3 eth0
  iperf -s -B 239.255.1.3 -u -f m &
  cat /sys/class/net/eth0/statistics/rx_packets

- server
  route add -host 239.255.1.3 eth0
  iperf -c 239.255.1.3 -u -f m -i 5 -t 30 -l1472  -b121760000 -t1 //~10000pps

[1] https://lore.kernel.org/patchwork/patch/1217254/

Grygorii Strashko (3):
  drivers: net: cpsw: ale: add broadcast/multicast rate limit support
  net: ethernet: ti: cpsw_new: enable broadcast/multicast rate limit
    support
  net: ethernet: ti: am65-cpsw: enable broadcast/multicast rate limit
    support

 drivers/net/ethernet/ti/am65-cpsw-qos.c | 148 ++++++++++++++++++++
 drivers/net/ethernet/ti/am65-cpsw-qos.h |   8 ++
 drivers/net/ethernet/ti/cpsw_ale.c      |  66 +++++++++
 drivers/net/ethernet/ti/cpsw_ale.h      |   2 +
 drivers/net/ethernet/ti/cpsw_new.c      |   4 +-
 drivers/net/ethernet/ti/cpsw_priv.c     | 171 ++++++++++++++++++++++++
 drivers/net/ethernet/ti/cpsw_priv.h     |   8 ++
 7 files changed, 406 insertions(+), 1 deletion(-)

-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ