lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 2 Dec 2021 17:39:24 +0000
From:   Volodymyr Mytnyk <volodymyr.mytnyk@...ision.eu>
To:     Jamal Hadi Salim <jhs@...atatu.com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>
CC:     Taras Chornyi <taras.chornyi@...ision.eu>,
        Mickey Rachamim <mickeyr@...vell.com>,
        Serhiy Pshyk <serhiy.pshyk@...ision.eu>,
        Volodymyr Mytnyk <vmytnyk@...vell.com>,
        Taras Chornyi <tchornyi@...vell.com>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH net-next] net: prestera: flower template support

Hi Jamal,

>
> > From: Volodymyr Mytnyk<vmytnyk@...vell.com>
> > 
> > Add user template explicit support. At this moment, max TCAM rule size 
> > is utilized for all rules, doesn't matter which and how much flower 
> > matches are provided by user. It means that some of TCAM space is 
> > wasted, which impacts the number of filters that can be offloaded.
> > 
> > Introducing the template, allows to have more HW offloaded filters.
> > 
> > Example:
> >    tc qd add dev PORT clsact
> >    tc chain add dev PORT ingress protocol ip \
> >      flower dst_ip 0.0.0.0/16
> 
> "chain" or "filter"?

tc chain add ... flower [tempalte] is the command to add explicitly chain with a given template

tc filter ... is the command to add a filter itself in that chain

> 
> >    tc filter add dev PORT ingress protocol ip \
> >      flower skip_sw dst_ip 1.2.3.4/16 action drop
> 
> You are not using tc priority? Above will result in two priorities (the 0.0.0.0 entry will be more important) and in classical flower approach two  different tables.
> I am wondering how you map the table to the TCAM.
> Is the priority sorting entirely based on masks in hardware?

Kernel tc filter priority is used as a priority for HW rule (see flower implementation).

> 
> cheers,
> jamal

Regards,
  Volodymyr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ