lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 1 Nov 2022 08:49:25 -0700
From:   Jakub Kicinski <kuba@...nel.org>
To:     Steen Hegelund <steen.hegelund@...rochip.com>
Cc:     Casper Andersson <casper.casan@...il.com>,
        "David S . Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Paolo Abeni <pabeni@...hat.com>,
        <UNGLinuxDriver@...rochip.com>,
        Randy Dunlap <rdunlap@...radead.org>,
        Russell King <rmk+kernel@...linux.org.uk>,
        "Wan Jiabing" <wanjiabing@...o.com>,
        Nathan Huckleberry <nhuck@...gle.com>,
        <linux-kernel@...r.kernel.org>, <netdev@...r.kernel.org>,
        <linux-arm-kernel@...ts.infradead.org>,
        Daniel Machon <daniel.machon@...rochip.com>,
        Horatiu Vultur <horatiu.vultur@...rochip.com>,
        Lars Povlsen <lars.povlsen@...rochip.com>
Subject: Re: [PATCH net-next v2 2/5] net: microchip: sparx5: Adding more tc
 flower keys for the IS2 VCAP

On Tue, 1 Nov 2022 08:31:16 +0100 Steen Hegelund wrote:
> > Previous series in this context means previous revision or something
> > that was already merged?  
> 
> Casper refers to this series (the first of the VCAP related series) that was merged on Oct 24th:
> 
> https://lore.kernel.org/all/20221020130904.1215072-1-steen.hegelund@microchip.com/

Alright, looks like this is only in net-next so no risk of breaking
existing users.
 
That said you should reject filters you can't support with an extack
message set. Also see below.

> > > tc filter add dev eth3 ingress chain 8000000 prio 10 handle 10 \  
> > 
> > How are you using chains?  
> 
> The chain ids are referring to the VCAP instances and their lookups.  There are some more details
> about this in the series I referred to above.
> 
> The short version is that this allows you to select where in the frame processing flow your rule
> will be inserted (using ingress or egress and the chain id).
> 
> > I thought you need to offload FLOW_ACTION_GOTO to get to a chain,
> > and I get no hits on this driver.  
> 
> I have not yet added the goto action, but one use of that is to chain a filter from one VCAP
> instance/lookup to another.
> 
> The goto action will be added in a soon-to-come series.  I just wanted to avoid a series getting too
> large, but on the other hand each of them should provide functionality that you can use in practice.

The behavior of the offload must be the same as the SW implementation.
It sounds like in your case it very much isn't, as adding rules to 
a magic chain in SW, without the goto will result in the rules being
unused.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ