lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 27 Mar 2014 11:02:23 +0000
From:	Thomas Graf <tgraf@...g.ch>
To:	Jamal Hadi Salim <jhs@...atatu.com>
Cc:	Jiri Pirko <jiri@...nulli.us>, netdev@...r.kernel.org,
	davem@...emloft.net, nhorman@...driver.com, andy@...yhouse.net,
	dborkman@...hat.com, ogerlitz@...lanox.com, jesse@...ira.com,
	pshelar@...ira.com, azhou@...ira.com, ben@...adent.org.uk,
	stephen@...workplumber.org, jeffrey.t.kirsher@...el.com,
	vyasevic@...hat.com, xiyou.wangcong@...il.com,
	john.r.fastabend@...el.com, edumazet@...gle.com,
	sfeldma@...ulusnetworks.com, f.fainelli@...il.com,
	roopa@...ulusnetworks.com, linville@...driver.com,
	dev@...nvswitch.org
Subject: Re: [patch net-next RFC v2 0/6] introduce infrastructure for support
 of switch chip datapath

On 03/27/14 at 06:27am, Jamal Hadi Salim wrote:
> On 03/27/14 03:21, Jiri Pirko wrote:
> >Wed, Mar 26, 2014 at 10:44:31PM CET, jhs@...atatu.com wrote:
> 
> >Well, I think there are 2 main models to be considered:
> >1. OSV-like model, where everything is flows and that is the OneWay(tm)
> >    mode you mentioned :)
> >2. clasic switch setting-like model where you manually set up vlans,
> >    lag, whatever.
> >
> >The phase one for me is 1. and that is what I'm trying to resolve with
> >this patchset.
> >
> > From what I understand from the discussion, 2. is likely the model you
> >have in mind.
> >
> 
> In my opinion there is no difference when setting the ACL table(s).
> We are going to need your .ndo for more than flows. Something
> in the stack is going to have to talk to those .ndo interfaces
> (I keep bringing up the concept of routing code for example).
> What i meant by no OneWay is i think it will depend on the
> chip - some will require more work than other. I do believe it
> is a longer discussion needed than the port resolving.

There is definitely need beyond an ndo that is capable of
adding flows. You mention routes. Another example would be
devices capable of offloading iptables & nft rules.

But wouldn't you want to introduce an additional ndo to
cover these?

What speaks against going with what Jiri proposes and adjust
& extend as needed as we go along?
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ