| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241023135251.1752488-1-vladimir.oltean@nxp.com>
Date: Wed, 23 Oct 2024 16:52:45 +0300
From: Vladimir Oltean <vladimir.oltean@....com>
To: netdev@...r.kernel.org
Cc: "David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
Andrew Lunn <andrew@...n.ch>,
Florian Fainelli <f.fainelli@...il.com>,
Petr Machata <petrm@...dia.com>,
Ido Schimmel <idosch@...dia.com>,
Claudiu Manoil <claudiu.manoil@....com>,
Alexandre Belloni <alexandre.belloni@...tlin.com>,
UNGLinuxDriver@...rochip.com,
Jamal Hadi Salim <jhs@...atatu.com>,
Cong Wang <xiyou.wangcong@...il.com>,
Jiri Pirko <jiri@...nulli.us>,
Vlad Buslov <vladbu@...dia.com>,
Simon Horman <horms@...nel.org>,
Christian Marangi <ansuelsmth@...il.com>,
Arun Ramadoss <arun.ramadoss@...rochip.com>,
Arınç ÜNAL <arinc.unal@...nc9.com>,
linux-kernel@...r.kernel.org
Subject: [PATCH v3 net-next 0/6] Mirroring to DSA CPU port
Users of the NXP LS1028A SoC (drivers/net/dsa/ocelot L2 switch inside)
have requested to mirror packets from the ingress of a switch port to
software. Both port-based and flow-based mirroring is required.
The simplest way I could come up with was to set up tc mirred actions
towards a dummy net_device, and make the offloading of that be accepted
by the driver. Currently, the pattern in drivers is to reject mirred
towards ports they don't know about, but I'm now permitting that,
precisely by mirroring "to the CPU".
For testers, this series depends on commit 34d35b4edbbe ("net/sched:
act_api: deny mismatched skip_sw/skip_hw flags for actions created by
classifiers") from net/main, which is absent from net-next as of the
day of posting (Oct 23). Without the bug fix it is possible to create
invalid configurations which are not rejected by the kernel.
Changes from v2:
- Move skip_sw from struct flow_cls_offload and struct
tc_cls_matchall_offload to struct flow_cls_common_offload.
Changes from RFC:
- Sent the bug fix separately, now merged as commit 8c924369cb56 ("net:
dsa: refuse cross-chip mirroring operations") in the "net" tree
- Allow mirroring to the ingress of another switch port (using software)
both for matchall in DSA and flower offload in ocelot
- Patch 3/6 is new
Link to v2:
https://lore.kernel.org/netdev/20241017165215.3709000-1-vladimir.oltean@nxp.com/
Link to previous RFC:
https://lore.kernel.org/netdev/20240913152915.2981126-1-vladimir.oltean@nxp.com/
For historical purposes, link to a much older (and much different) attempt:
https://lore.kernel.org/netdev/20191002233750.13566-1-olteanv@gmail.com/
Vladimir Oltean (6):
net: sched: propagate "skip_sw" flag to struct flow_cls_common_offload
net: dsa: clean up dsa_user_add_cls_matchall()
net: dsa: use "extack" as argument to
flow_action_basic_hw_stats_check()
net: dsa: add more extack messages in
dsa_user_add_cls_matchall_mirred()
net: dsa: allow matchall mirroring rules towards the CPU
net: mscc: ocelot: allow tc-flower mirred action towards foreign
interfaces
drivers/net/ethernet/mscc/ocelot_flower.c | 54 ++++++++++++----
include/net/flow_offload.h | 1 +
include/net/pkt_cls.h | 1 +
net/dsa/user.c | 78 +++++++++++++++++------
4 files changed, 103 insertions(+), 31 deletions(-)
--
2.43.0
Powered by blists - more mailing lists