lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 23 Jan 2015 08:08:28 -0800
From:	John Fastabend <john.fastabend@...il.com>
To:	Thomas Graf <tgraf@...g.ch>
CC:	Jiri Pirko <jiri@...nulli.us>, Jamal Hadi Salim <jhs@...atatu.com>,
	Pablo Neira Ayuso <pablo@...filter.org>,
	simon.horman@...ronome.com, sfeldma@...il.com,
	netdev@...r.kernel.org, davem@...emloft.net, gerlitz.or@...il.com,
	andy@...yhouse.net, ast@...mgrid.com
Subject: Re: [net-next PATCH v3 00/12] Flow API

On 01/23/2015 08:00 AM, Thomas Graf wrote:
> On 01/23/15 at 04:53pm, Jiri Pirko wrote:
>> Fri, Jan 23, 2015 at 04:34:55PM CET, john.fastabend@...il.com wrote:
>>> What I don't have a lot of use for at the moment is an xflows that runs
>>> in software? Conceptually it sounds fine but why would I want to mirror
>>> hardware limitations into software? And if I make it completely generic
>>> it becomes u32 more or less. I could create an optimized version of the
>>> hardware dataplane in userspace which sits somewhere between u32 and the
>>> other classifiers on flexility and maybe gains some performance but I'm
>>> at a loss as to why this is useful. I would rather spend my time getting
>>> better performance out of u32 and dropping qdisc_lock completely then
>>> writing some partially useful filter for software.
>>
>> Well, even software implementation has limitations. Take ovs kernel
>> datapath as example. You can use your graphs to describe exactly what
>> ovs can handle. And after that you could use xflows api to set it up as
>> well as your rocker offload. That to me seems lie a very nice feature to
>> have.
>
> What is the value of this? The OVS kernel datapath is already built to
> fall back to user space if the kernel datapath does not support a
> specific feature.
>

I might be reaching.. but one advantage of something like this API is
the headers are not pre-defined nor are the actions. Coupled with eBPF
or a generic parser (think optimized u32) you would provide the ability
to configure the OVS fields in use and the actions being supported. Also
I haven't thought about it as much but if you had programmable hardware
and/or software you could create the set operations for headers, tables,
actions. I've done some work on the set tables because its relatively
common on existing hardware. Its on github in the flow tool and the
user space tester flowd.

I think the OVS folks have been thinking along these lines. Of course
your still bound by OF1.x at the moment.

.John

-- 
John Fastabend         Intel Corporation
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ