lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 8 May 2024 10:59:29 +0000
From: "Buvaneswaran, Sujai" <sujai.buvaneswaran@...el.com>
To: "Samudrala, Sridhar" <sridhar.samudrala@...el.com>,
	Asbjørn Sloth Tønnesen <ast@...erby.net>
CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Eric Dumazet
	<edumazet@...gle.com>, "Nguyen, Anthony L" <anthony.l.nguyen@...el.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, "David S.
 Miller" <davem@...emloft.net>, "intel-wired-lan@...ts.osuosl.org"
	<intel-wired-lan@...ts.osuosl.org>
Subject: RE: [Intel-wired-lan] [PATCH iwl-next] i40e: flower: validate control
 flags

Hi,

I'm able to test this patch on i40e interface from ADQ perspective. Getting 'Not supported' message when tried to configure tc rule with control flags.

[root@...node3-BINDU ~]# rmmod i40e
rmmod: ERROR: Module i40e is in use by: irdma
[root@...node3-BINDU ~]#  modprobe i40e
[root@...node3-BINDU ~]#  ethtool -K ens801f0np0 ntuple off
[root@...node3-BINDU ~]#  ethtool -K ens801f0np0 hw-tc-offload on
[root@...node3-BINDU ~]#  tc qdisc add dev ens801f0np0 ingress
[root@...node3-BINDU ~]#  tc qdisc add dev ens801f0np0 root mqprio num_tc 2 map 0 1 queues 2@0 8@2 hw 1 mode channel
[root@...node3-BINDU ~]# tc filter add dev ens801f0np0 protocol ip parent ffff: prio 1 flower dst_ip 192.168.1.10 ip_proto tcp dst_port 12000 ip_flags frag skip_sw hw_tc 1
RTNETLINK answers: Operation not supported
We have an error talking to the kernel
[root@...node3-BINDU ~]# tc filter add dev ens801f0np0 protocol ip parent ffff: prio 1 flower dst_ip 192.168.1.10 ip_proto tcp dst_port 12000 ip_flags frag/firstfrag  skip_sw hw_tc 1
RTNETLINK answers: Operation not supported
We have an error talking to the kernel
[root@...node3-BINDU ~]# tc filter add dev ens801f0np0 protocol ip parent ffff: prio 1 flower dst_ip 192.168.1.10 ip_proto tcp dst_port 12000 skip_sw hw_tc 1
[root@...node3-BINDU ~]# tc filter show dev ens801f0np0 root
filter parent ffff: protocol ip pref 1 flower chain 0 
filter parent ffff: protocol ip pref 1 flower chain 0 handle 0x1 hw_tc 1 
  eth_type ipv4
  ip_proto tcp
  dst_ip 192.168.1.10
  dst_port 12000
  skip_sw
  in_hw in_hw_count 1
[root@...node3-BINDU ~]# tc filter add dev ens801f0np0 protocol ip parent ffff: prio 1 flower dst_ip 192.168.1.10 ip_proto tcp dst_port 12000 ip_flags frag/firstfrag hw_tc 1
[root@...node3-BINDU ~]# tc filter show dev ens801f0np0 root
filter parent ffff: protocol ip pref 1 flower chain 0 
filter parent ffff: protocol ip pref 1 flower chain 0 handle 0x1 hw_tc 1 
  eth_type ipv4
  ip_proto tcp
  dst_ip 192.168.1.10
  dst_port 12000
  skip_sw
  in_hw in_hw_count 1
filter parent ffff: protocol ip pref 1 flower chain 0 handle 0x2 hw_tc 1 
  eth_type ipv4
  ip_proto tcp
  dst_ip 192.168.1.10
  dst_port 12000
  ip_flags frag/firstfrag
  not_in_hw

Regards,
Sujai B

> -----Original Message-----
> From: Samudrala, Sridhar <sridhar.samudrala@...el.com>
> Sent: Monday, May 6, 2024 11:25 PM
> To: Asbjørn Sloth Tønnesen <ast@...erby.net>; Buvaneswaran, Sujai
> <sujai.buvaneswaran@...el.com>
> Cc: netdev@...r.kernel.org; linux-kernel@...r.kernel.org; Eric Dumazet
> <edumazet@...gle.com>; Nguyen, Anthony L
> <anthony.l.nguyen@...el.com>; Jakub Kicinski <kuba@...nel.org>; Paolo
> Abeni <pabeni@...hat.com>; David S. Miller <davem@...emloft.net>;
> intel-wired-lan@...ts.osuosl.org
> Subject: Re: [Intel-wired-lan] [PATCH iwl-next] i40e: flower: validate control
> flags
> 
> 
> 
> On 5/6/2024 1:44 AM, Asbjørn Sloth Tønnesen wrote:
> > Hi Sujai,
> >
> > Thank you for testing.
> >
> > On 5/6/24 5:32 AM, Buvaneswaran, Sujai wrote:
> >> HW offload is not supported on the i40e interface. This patch cannot
> >> be tested on i40e interface.
> >
> > To me it looks like it's supported (otherwise there is a lot of dead
> > flower code in i40e_main.c), although it's a bit limited in
> > functionality, and is called "cloud filters".
> >
> > static const struct net_device_ops i40e_netdev_ops = {
> >      [...]
> >      .ndo_setup_tc           = __i40e_setup_tc,
> >      [...]
> > };
> >
> > There is a path from __i40e_setup_tc() to i40e_parse_cls_flower(), so
> > it should be possible to test this patch.
> >
> > Most of the gatekeeping is in i40e_configure_clsflower().
> >
> > I think you should be able to get past the gatekeeping with this:
> >
> > ethtool -K $iface ntuple off
> > ethtool -K $iface hw-tc-offload on
> > tc qdisc add dev $iface ingress
> 
> One step is missing before adding the filter.
> In order to use hw_tc action, queue groups need to be created and can be
> done using
> 
> tc qdisc add dev $iface root mqprio num_tc 2 map 0 1 queues 2@0 8@2 hw 1
> mode channel
> 
> > tc filter add dev $iface protocol ip parent ffff: prio 1 flower
> > dst_mac
> > 3c:fd:fe:a0:d6:70 ip_flags frag skip_sw hw_tc 1
> >
> > The above filter is based on the first example in:
> >    [jkirsher/next-queue PATCH v5 6/6] i40e: Enable cloud filters via
> > tc-flower
> >
> >
> https://lore.kernel.org/netdev/150909696126.48377.794676088838721605.s
> > tgit@...mdev.jf.intel.com/
> >

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ