Message-ID: <20241023135251.1752488-1-vladimir.oltean@nxp.com>
Date: Wed, 23 Oct 2024 16:52:45 +0300
From: Vladimir Oltean <vladimir.oltean@....com>
To: netdev@...r.kernel.org
Cc: "David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>,
	Paolo Abeni <pabeni@...hat.com>,
	Andrew Lunn <andrew@...n.ch>,
	Florian Fainelli <f.fainelli@...il.com>,
	Petr Machata <petrm@...dia.com>,
	Ido Schimmel <idosch@...dia.com>,
	Claudiu Manoil <claudiu.manoil@....com>,
	Alexandre Belloni <alexandre.belloni@...tlin.com>,
	UNGLinuxDriver@...rochip.com,
	Jamal Hadi Salim <jhs@...atatu.com>,
	Cong Wang <xiyou.wangcong@...il.com>,
	Jiri Pirko <jiri@...nulli.us>,
	Vlad Buslov <vladbu@...dia.com>,
	Simon Horman <horms@...nel.org>,
	Christian Marangi <ansuelsmth@...il.com>,
	Arun Ramadoss <arun.ramadoss@...rochip.com>,
	Arınç ÜNAL <arinc.unal@...nc9.com>,
	linux-kernel@...r.kernel.org
Subject: [PATCH v3 net-next 0/6] Mirroring to DSA CPU port

Users of the NXP LS1028A SoC (drivers/net/dsa/ocelot L2 switch inside)
have requested to mirror packets from the ingress of a switch port to
software. Both port-based and flow-based mirroring are required.

The simplest way I could come up with was to set up tc mirred actions
towards a dummy net_device, and make the offloading of that be accepted
by the driver. Currently, the pattern in drivers is to reject mirred
towards ports they don't know about, but I'm now permitting that,
precisely by mirroring "to the CPU".

For testers, this series depends on commit 34d35b4edbbe ("net/sched:
act_api: deny mismatched skip_sw/skip_hw flags for actions created by
classifiers") from net/main, which is absent from net-next as of the
day of posting (Oct 23). Without the bug fix it is possible to create
invalid configurations which are not rejected by the kernel.

Changes from v2:
- Move skip_sw from struct flow_cls_offload and struct
  tc_cls_matchall_offload to struct flow_cls_common_offload.

Changes from RFC:
- Sent the bug fix separately, now merged as commit 8c924369cb56 ("net:
  dsa: refuse cross-chip mirroring operations") in the "net" tree
- Allow mirroring to the ingress of another switch port (using software)
  both for matchall in DSA and flower offload in ocelot
- Patch 3/6 is new

Link to v2:
https://lore.kernel.org/netdev/20241017165215.3709000-1-vladimir.oltean@nxp.com/

Link to previous RFC:
https://lore.kernel.org/netdev/20240913152915.2981126-1-vladimir.oltean@nxp.com/

For historical purposes, link to a much older (and much different) attempt:
https://lore.kernel.org/netdev/20191002233750.13566-1-olteanv@gmail.com/

Vladimir Oltean (6):
  net: sched: propagate "skip_sw" flag to struct flow_cls_common_offload
  net: dsa: clean up dsa_user_add_cls_matchall()
  net: dsa: use "extack" as argument to
    flow_action_basic_hw_stats_check()
  net: dsa: add more extack messages in
    dsa_user_add_cls_matchall_mirred()
  net: dsa: allow matchall mirroring rules towards the CPU
  net: mscc: ocelot: allow tc-flower mirred action towards foreign
    interfaces

 drivers/net/ethernet/mscc/ocelot_flower.c | 54 ++++++++++++----
 include/net/flow_offload.h                |  1 +
 include/net/pkt_cls.h                     |  1 +
 net/dsa/user.c                            | 78 +++++++++++++++++------
 4 files changed, 103 insertions(+), 31 deletions(-)

-- 
2.43.0

