lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20230127130830.1481526-1-steen.hegelund@microchip.com>
Date:   Fri, 27 Jan 2023 14:08:22 +0100
From:   Steen Hegelund <steen.hegelund@...rochip.com>
To:     "David S . Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>
CC:     Steen Hegelund <steen.hegelund@...rochip.com>,
        <UNGLinuxDriver@...rochip.com>,
        Randy Dunlap <rdunlap@...radead.org>,
        "Casper Andersson" <casper.casan@...il.com>,
        Russell King <rmk+kernel@...linux.org.uk>,
        Wan Jiabing <wanjiabing@...o.com>,
        "Nathan Huckleberry" <nhuck@...gle.com>,
        <linux-kernel@...r.kernel.org>, <netdev@...r.kernel.org>,
        <linux-arm-kernel@...ts.infradead.org>,
        "Steen Hegelund" <Steen.Hegelund@...rochip.com>,
        Daniel Machon <daniel.machon@...rochip.com>,
        Horatiu Vultur <horatiu.vultur@...rochip.com>,
        Lars Povlsen <lars.povlsen@...rochip.com>,
        Dan Carpenter <error27@...il.com>,
        Michael Walle <michael@...le.cc>
Subject: [PATCH net-next 0/8] Adding Sparx5 ES2 VCAP support

This provides the Egress Stage 2 (ES2) VCAP (Versatile Content-Aware
Processor) support for the Sparx5 platform.

The ES2 VCAP is an Egress Access Control VCAP that uses frame keyfields and
previously classified keyfields to apply e.g. policing, trapping or
mirroring to frames.

The ES2 VCAP has 2 lookups and they are accessible with a TC chain id:

- chain 20000000: ES2 Lookup 0
- chain 20100000: ES2 Lookup 1

As the other Sparx5 VCAPs the ES2 VCAP has its own lookup/port keyset
configuration that decides which keys will be used for matching on which
traffic type.

The ES2 VCAP has these traffic classifications:

- IPv4 frames
- IPv6 frames
- Other frames

The ES2 VCAP can match on an ISDX key (Ingress Service Index) as one of the
frame metadata keyfields.  The IS0 VCAP can update this key using its
actions, and this allows a IS0 VCAP rule to be linked to an ES2 rule.

This is similar to how the IS0 VCAP and the IS2 VCAP use the PAG
(Policy Association Group) keyfield to link rules.

>From user space this is exposed via "chain offsets", so an IS0 rule with a
"goto chain 20000015" action will use an ISDX key value of 15 to link to a
rule in the ES2 VCAP attached to the same chain id.

Steen Hegelund (8):
  net: microchip: sparx5: Add support for getting keysets without a type
    id
  net: microchip: sparx5: Improve the IP frame key match for IPv6 frames
  net: microchip: sparx5: Improve error message when parsing CVLAN
    filter
  net: microchip: sparx5: Add ES2 VCAP model and updated KUNIT VCAP
    model
  net: microchip: sparx5: Add ES2 VCAP keyset configuration for Sparx5
  net: microchip: sparx5: Add ingress information to VCAP instance
  net: microchip: sparx5: Add TC support for the ES2 VCAP
  net: microchip: sparx5: Add  KUNIT tests for enabling/disabling chains

 .../ethernet/microchip/lan966x/lan966x_main.h |    3 +-
 .../ethernet/microchip/lan966x/lan966x_tc.c   |    2 +-
 .../microchip/lan966x/lan966x_tc_flower.c     |   16 +-
 .../microchip/lan966x/lan966x_vcap_impl.c     |    3 +
 .../ethernet/microchip/sparx5/sparx5_main.c   |    1 +
 .../microchip/sparx5/sparx5_main_regs.h       |  227 +++-
 .../microchip/sparx5/sparx5_tc_flower.c       |   57 +-
 .../microchip/sparx5/sparx5_vcap_ag_api.c     | 1166 ++++++++++++++++-
 .../microchip/sparx5/sparx5_vcap_debugfs.c    |  117 ++
 .../microchip/sparx5/sparx5_vcap_impl.c       |  786 +++++++++--
 .../microchip/sparx5/sparx5_vcap_impl.h       |   34 +
 .../net/ethernet/microchip/vcap/vcap_ag_api.h |   11 +-
 .../net/ethernet/microchip/vcap/vcap_api.c    |   36 +-
 .../net/ethernet/microchip/vcap/vcap_api.h    |    1 +
 .../ethernet/microchip/vcap/vcap_api_client.h |    2 +-
 .../microchip/vcap/vcap_api_debugfs.c         |    6 +-
 .../microchip/vcap/vcap_api_debugfs_kunit.c   |    4 +
 .../ethernet/microchip/vcap/vcap_api_kunit.c  |   66 +
 .../microchip/vcap/vcap_model_kunit.c         |   14 +-
 19 files changed, 2390 insertions(+), 162 deletions(-)

-- 
2.39.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ