Date:   Tue, 12 Apr 2022 13:29:26 +0300
From:   Grygorii Strashko <grygorii.strashko@...com>
To:     "David S. Miller" <davem@...emloft.net>, <netdev@...r.kernel.org>,
        Jakub Kicinski <kuba@...nel.org>
CC:     <linux-kernel@...r.kernel.org>,
        Kishon Vijay Abraham I <kishon@...com>,
        Vignesh Raghavendra <vigneshr@...com>,
        <linux-omap@...r.kernel.org>, Tony Lindgren <tony@...mide.com>,
        Andrew Lunn <andrew@...n.ch>,
        Vladimir Oltean <vladimir.oltean@....com>,
        Grygorii Strashko <grygorii.strashko@...com>
Subject: [PATCH net-next v3 0/3] net: ethernet: ti: enable bc/mc storm prevention support

Hi

This series first adds support for the ALE feature to rate limit the number of
ingress broadcast (BC)/multicast (MC) packets per second, whose main purpose is
BC/MC storm prevention.

It then enables the corresponding support for ingress broadcast (BC)/multicast (MC)
packet rate limiting for TI CPSW switchdev and AM65x/J221E CPSW_NUSS drivers by
implementing HW offload for a simple tc-flower with policer action with matches
on dst_mac/mask:
 - ff:ff:ff:ff:ff:ff/ff:ff:ff:ff:ff:ff has to be used for BC packets rate
   limiting (exact match)
 - 01:00:00:00:00:00/01:00:00:00:00:00 fixed value has to be used for MC
   packets rate limiting

The CPSW supports MC/BC packet rate limiting in packets/sec; it affects
all ingress MC/BC packets and serves as a BC/MC storm prevention feature.

Examples:
- BC rate limit to 1000pps:
  tc qdisc add dev eth0 clsact
  tc filter add dev eth0 ingress flower skip_sw dst_mac ff:ff:ff:ff:ff:ff \
  action police pkts_rate 1000 pkts_burst 1 drop

- MC rate limit to 20000pps:
  tc qdisc add dev eth0 clsact
  tc filter add dev eth0 ingress flower skip_sw dst_mac 01:00:00:00:00:00/01:00:00:00:00:00 \
  action police pkts_rate 20000 pkts_burst 1 drop

  pkts_burst - not used.

The solution was inspired by a patch from Vladimir Oltean [1].

Changes in v3:
  - comments applied
  - policer validation added

Changes in v2:
 - switch to packet-per-second policing introduced by
   commit 2ffe0395288a ("net/sched: act_police: add support for packet-per-second policing") [2]

v2: https://patchwork.kernel.org/project/netdevbpf/cover/20211101170122.19160-1-grygorii.strashko@ti.com/
v1: https://patchwork.kernel.org/project/netdevbpf/cover/20201114035654.32658-1-grygorii.strashko@ti.com/

[1] https://lore.kernel.org/patchwork/patch/1217254/
[2] https://patchwork.kernel.org/project/netdevbpf/cover/20210312140831.23346-1-simon.horman@netronome.com/

Grygorii Strashko (3):
  drivers: net: cpsw: ale: add broadcast/multicast rate limit support
  net: ethernet: ti: am65-cpsw: enable bc/mc storm prevention support
  net: ethernet: ti: cpsw_new: enable bc/mc storm prevention support

 drivers/net/ethernet/ti/am65-cpsw-qos.c | 180 +++++++++++++++++++++
 drivers/net/ethernet/ti/am65-cpsw-qos.h |   8 +
 drivers/net/ethernet/ti/cpsw_ale.c      |  66 ++++++++
 drivers/net/ethernet/ti/cpsw_ale.h      |   2 +
 drivers/net/ethernet/ti/cpsw_new.c      |   4 +-
 drivers/net/ethernet/ti/cpsw_priv.c     | 205 ++++++++++++++++++++++++
 drivers/net/ethernet/ti/cpsw_priv.h     |   8 +
 7 files changed, 472 insertions(+), 1 deletion(-)

-- 
2.17.1
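
The dst_mac/mask rules described in this message, modeled in user space as an added example that is not code from the patch series. The names rule_kind, dst_matches, pps_policer and passed_in_one_second are hypothetical, the sample addresses are constructed, and the fixed one-second window is an assumed stand-in for the hardware limiter.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define ETH_ALEN 6
enum storm_kind { STORM_NONE, STORM_BC, STORM_MC };
/* The two dst_mac/mask pairs named in the cover letter. */
static const uint8_t BC_ADDR[ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
static const uint8_t MC_BIT[ETH_ALEN] = {0x01, 0, 0, 0, 0, 0};
static const uint8_t SAMPLE_MCAST[ETH_ALEN] = {0x01, 0x00, 0x5e, 0, 0, 0x01}; /* constructed */
static const uint8_t SAMPLE_UCAST[ETH_ALEN] = {0x02, 0x11, 0x22, 0x33, 0x44, 0x55}; /* constructed */

/* Hypothetical validator: accept only the two supported key/mask pairs. */
enum storm_kind rule_kind(const uint8_t *key, const uint8_t *mask)
{
    if (!memcmp(key, BC_ADDR, ETH_ALEN) && !memcmp(mask, BC_ADDR, ETH_ALEN))
        return STORM_BC;
    if (!memcmp(key, MC_BIT, ETH_ALEN) && !memcmp(mask, MC_BIT, ETH_ALEN))
        return STORM_MC;
    return STORM_NONE;
}

/* Masked compare as a flower match defines it: (dst & mask) == (key & mask). */
bool dst_matches(const uint8_t *dst, const uint8_t *key, const uint8_t *mask)
{
    for (int i = 0; i < ETH_ALEN; i++)
        if ((dst[i] & mask[i]) != (key[i] & mask[i]))
            return false;
    return true;
}

/* Assumed model of a packets/sec limit: fixed one-second window, no burst. */
struct pps_policer { uint32_t limit; uint64_t window; uint32_t seen; };
bool pps_allow(struct pps_policer *p, uint64_t now_sec)
{
    if (now_sec != p->window) { p->window = now_sec; p->seen = 0; }
    if (p->seen >= p->limit)
        return false;
    p->seen++;
    return true;
}

/* Offer `frames` frames inside one second; return how many pass. */
uint32_t passed_in_one_second(uint32_t limit, uint32_t frames)
{
    struct pps_policer p = { .limit = limit };
    uint32_t ok = 0;
    for (uint32_t i = 0; i < frames; i++)
        ok += pps_allow(&p, 0);
    return ok;
}
```

Under the masked compare, the broadcast address also satisfies the 01:00:00:00:00:00/01:00:00:00:00:00 match because its group bit is set; whether the CPSW hardware counts broadcast frames against the MC limit is not stated in this message.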
