lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20210621083037.GA9665@builder>
Date:   Mon, 21 Jun 2021 11:32:27 +0300
From:   Boris Sukholitko <boris.sukholitko@...adcom.com>
To:     Vladimir Oltean <olteanv@...il.com>
Cc:     Vadym Kochan <vadym.kochan@...ision.eu>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Jamal Hadi Salim <jhs@...atatu.com>,
        Cong Wang <xiyou.wangcong@...il.com>,
        Andrew Lunn <andrew@...n.ch>,
        Serhiy Boiko <serhiy.boiko@...ision.eu>,
        Volodymyr Mytnyk <volodymyr.mytnyk@...ision.eu>,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        jiri@...nulli.us, idosch@...sch.org, ilya.lifshits@...adcom.com
Subject: Re: [PATCH net-next] net/sched: cls_flower: fix resetting of ether
 proto mask

On Thu, Jun 17, 2021 at 10:51:02PM +0300, Vladimir Oltean wrote:
> On Thu, Jun 17, 2021 at 07:41:55PM +0300, Vladimir Oltean wrote:
> > On Thu, Jun 17, 2021 at 07:14:35PM +0300, Vadym Kochan wrote:

[snip excellent problem analysis]

> So maybe it is the flow dissector we need to fix, to make it give us an
> additional pure EtherType if asked for, make tc-flower use that
> dissector key instead, and then revert Jamal's user space patch, and we
> should all install our tc filters as:
> 
> tc filter add dev sw1p0 ingress handle 11 protocol all flower eth_type 0x8864 skip_hw action drop
> 
> ?

I like this solution. To be more explicit, the plan becomes:

1. Add FLOW_DISSECTOR_KEY_ETH_TYPE and struct flow_dissector_key_eth_type.
2. Have skb flow dissector use it.
3. Userspace does not set TCA_FLOWER_KEY_ETH_TYPE automagically
   anymore. cls_flower takes basic.n_proto from struct tcf_proto.
4. Add eth_type to the userspace and use it to set TCA_FLOWER_KEY_ETH_TYPE
5. Existence of TCA_FLOWER_KEY_ETH_TYPE triggers new eth_type dissector.

IMHO this neatly solves non-vlan protocol match case.

What should we do with the VLANs then? Should we have vlan_pure_ethtype
and cvlan_pure_ethtype as additional keys?

> 
> Or maybe just be like you, say I don't care about any of that, I just
> want it to behave as before, and simply revert Boris's patch. Ok, maybe

FTR I fully support reverting the patch. Please accept my apologies for
breaking the HW offload and big thanks to Vadym for finding it.

I will send the revert shortly.

Thanks,
Boris.

Download attachment "smime.p7s" of type "application/pkcs7-signature" (4221 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ