lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1456421844-5901-1-git-send-email-pablo@netfilter.org>
Date:	Thu, 25 Feb 2016 18:37:21 +0100
From:	Pablo Neira Ayuso <pablo@...filter.org>
To:	netdev@...r.kernel.org
Cc:	davem@...emloft.net, jiri@...nulli.us, horms@...ge.net.au,
	john.fastabend@...il.com
Subject: [PATCH RFC 0/3] intermediate representation for jit and cls_u32 conversion

Hi,

This patchset contains the core infrastructure for the generic
intermediate representation that I presented during NetDev 1.1's
nftables switchdev talk. This includes the basic infrastructure to
convert the tc cls_u32 based on John's parser.

The main goals of this patchset are:

* Provide an unified abstract syntax tree (ast) that can be passed to
  the backend driver for translation to internal representation. Then,
  based on the backend description, generate the internal
  representation. This should reduce the amount of code to maintain
  in the driver since every frontend, via parser, generates the ast
  that is consumed by the driver through one single ndo indirection.

* Avoid exposing low-level frontend details to the backend, such as
  structure layouts. If the frontend needs to be updated to support a
  new software feature, it is desiderable that such changes don't
  trigger large updates to every driver supporting offloads.

* Having a common parser for every frontend, instead of allowing each
  backend driver to re-invent the wheel with its own parser, this is
  just spreading out complexity all over the place.

A summary picture of the infrastructure looks like this:

                parser
        tc-u32 -------
                       \            jit
     tc-flower -------------- ast ------> Backend driver
                       /
           nft -------

So the idea is that every frontend implements a parser that builds the
ast, then this ast is passed via ndo to the driver. The parser is common
to everyone, is part of the common core infrastructure.

The tc-u32 parser is a bit complicated because of having the matching
spread out in different rules through links, but John already came up a
basic parser than should be placed in the frontend so everyone can
improve it to generate more expressive ast.

Note: I don't have access to ixgbe hardware, so I have validated this
patchset by splicing main parts of the ixgbe backend jit code in simple
debugging patches that I have here. Quite rudimentary but it has passed
some basic tests, may still have gotten anything broken. Anyway, the
main goal is to generate debate on this.

Comments welcome, thanks.

Pablo Neira Ayuso (3):
  net: ixgbe: add struct igxbe_filter
  net: intermediate representation for jit translation
  net: convert tc_u32 to use the intermediate representation

 drivers/net/ethernet/intel/ixgbe/ixgbe.h       |   4 -
 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c  | 249 +++++++++---------
 drivers/net/ethernet/intel/ixgbe/ixgbe_model.h | 112 --------
 include/net/ir.h                               | 173 +++++++++++++
 include/net/pkt_cls.h                          |   3 +
 net/core/Makefile                              |   2 +-
 net/core/ir.c                                  | 219 ++++++++++++++++
 net/sched/cls_u32.c                            | 344 +++++++++++++++++++++++++
 8 files changed, 866 insertions(+), 240 deletions(-)
 delete mode 100644 drivers/net/ethernet/intel/ixgbe/ixgbe_model.h
 create mode 100644 include/net/ir.h
 create mode 100644 net/core/ir.c

-- 
2.1.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ