lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 27 Sep 2017 14:31:36 +0200
From:   Paolo Abeni <pabeni@...hat.com>
To:     Jiri Pirko <jiri@...nulli.us>
Cc:     Or Gerlitz <gerlitz.or@...il.com>, Jiri Benc <jbenc@...hat.com>,
        Simon Horman <simon.horman@...ronome.com>,
        David Miller <davem@...emloft.net>,
        Jakub Kicinski <jakub.kicinski@...ronome.com>,
        Linux Netdev List <netdev@...r.kernel.org>,
        oss-drivers@...ronome.com, John Hurley <john.hurley@...ronome.com>,
        Paul Blakey <paulb@...lanox.com>,
        Jiri Pirko <jiri@...lanox.com>, Roi Dayan <roid@...lanox.com>
Subject: Re: tc H/W offload issue with vxlan tunnels [was: nfp: flower vxlan
 tunnel offload]

On Wed, 2017-09-27 at 13:11 +0200, Jiri Pirko wrote:
> Wed, Sep 27, 2017 at 11:46:58AM CEST, pabeni@...hat.com wrote:
> > On Wed, 2017-09-27 at 11:17 +0200, Jiri Pirko wrote:
> > > Wed, Sep 27, 2017 at 10:29:35AM CEST, pabeni@...hat.com wrote:
> > > > So it looks like the H/W offload hook will still be called with the
> > > > same arguments in both case, and 'bad' rule will still be pushed to the
> > > > H/W as the driver itself has no way to distinct between the two
> > > > scenarios.
> > > 
> > > Why "bad"?
> > 
> > Such rule is coped differently by the SW and the HW data path.
> > 
> > a rule like:
> > 
> > tc filter add dev eth0 protocol ip parent ffff: flower \
> >   enc_key_id 102 enc_dst_port 4789 src_ip 3.4.5.6 skip_hw \
> >   action action mirred redirect eth0_vf_1
> > 
> > will match 0 packets, while:
> > 
> > tc filter add dev eth0 protocol ip parent ffff: flower \
> >   enc_key_id 102 enc_dst_port 4789 src_ip 3.4.5.6 skip_sw \
> >   action action mirred redirect eth0_vf_1
> > 
> > [just flipped 'skip_sw' and 'skip_hw' ]
> > will match the vxlan-tunneled packets. I understand that one of the
> > design goal for the h/w offload path is being consistent with the sw
> > one, but that does not hold in the above scenario.
> 
> Sure, the consistency is important. Howcome "skip_hw" won't match and
> "skip_sw" will match? What's different?

For the SW datapath, we need a metadata based/lwt tunnel to collect the
tunnel information. eth0 is not a such device and does not provide the
metadata. Any match on tunnel based field will fail - correctly.

When the HW datapath is used, the underlaying NIC is programmed exactly
as done when we replace eth0 with vxlan0. The programmed flow matches
vxlan encapsulated traffic.

Cheers,

Paolo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ