| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 3 Nov 2017 10:03:28 +0100
From: Jiri Pirko <jiri@...nulli.us>
To: netdev@...r.kernel.org
Cc: davem@...emloft.net, petrm@...lanox.com, idosch@...lanox.com,
mlxsw@...lanox.com
Subject: [patch net-next 00/16] mlxsw: Handle changes in GRE configuration
From: Jiri Pirko <jiri@...lanox.com>
Petr says:
Until now, when an IP tunnel was offloaded by the mlxsw driver, the
offload was pretty much static, and changes in Linux configuration were
not reflected in the hardware. That led to discrepancies between traffic
flows in slow path and fast path. The work-around used to be to remove
all routes that forward to the netdevice and re-add them. This is
clearly suboptimal, but actually, as of the decap-only patchset, it's
not even enough anymore, and one needs to go all the way and simply drop
the tunnel and recreate it correctly.
With this patchset, the NETDEV_CHANGE events that are generated for
changes of up'd tunnel netdevices are captured and interpreted to
correctly reconfigure the HW in accordance with changes requested at the
software layer. In addition, NETDEV_CHANGEUPPER, NETDEV_UP and
NETDEV_DOWN are now handled not only for tunnel devices themselves, but
also for their bound devices. Each change is then translated to one or
more of the following updates to the HW configuration:
- refresh of offload of local route that corresponds to tunnel's local
address
- refresh of the loopback RIF
- refresh of offloads of routes that forward to the changed tunnel
- removal of tunnel offloads
These tools are used to implement the following configuration changes:
- addition of a new offloadable tunnel with local address that conflicts
with that of an already-offloaded tunnel (the existing tunnel is
onloaded, the new one isn't offloaded)
- changes to TTL, TOS that make tunnel unsuitable for offloading
- changes to ikey, okey, remote
- changes to local, which when they cause conflict with another
tunnel, lead to onloading of both newly-conflicting tunnels
- migration of a bound device of an offloaded tunnel device to a
different VRF
- changes to what device is bound to a tunnel device (i.e. like what
"ip tunnel change name g dev another" does)
- changes to up / down state of a bound device. A down bound device
doesn't forward encapsulated traffic anymore, but decap still works.
This patchset starts with a suite of patches that adapt the existing
code base step by step to facilitate introduction of the offloading
code. The five substantial patches at the end then implement the changes
mentioned above.
Petr Machata (16):
mlxsw: spectrum: Rename IPIP-related netdevice handlers
mlxsw: spectrum_router: Extract mlxsw_sp_netdevice_ipip_can_offload()
mlxsw: spectrum: Move mlxsw_sp_ipip_netdev_{s,d}addr{,4}()
mlxsw: spectrum_ipip: Split accessor functions
mlxsw: spectrum_router: Extract mlxsw_sp_ipip_entry_ol_down_event()
mlxsw: spectrum_router: Make mlxsw_sp_netdevice_ipip_ol_up_event()
void
mlxsw: spectrum_router: Extract mlxsw_sp_ipip_entry_ol_up_event()
mlxsw: spectrum: Propagate extack for tunnel events
mlxsw: spectrum_router: Extract __mlxsw_sp_ipip_entry_update_tunnel()
mlxsw: spectrum_router: Generalize
__mlxsw_sp_ipip_entry_update_tunnel()
mlxsw: spectrum_router: Fix saddr deduction in
mlxsw_sp_ipip_entry_create()
mlxsw: spectrum_router: Onload conflicting tunnels
mlxsw: spectrum: Support IPIP underlay VRF migration
mlxsw: spectrum: Handle NETDEV_CHANGE on L3 tunnels
mlxsw: spectrum_ipip: Handle underlay device change
mlxsw: spectrum_router: Handle down of tunnel underlay
drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 8 +-
drivers/net/ethernet/mellanox/mlxsw/spectrum.h | 18 +-
.../net/ethernet/mellanox/mlxsw/spectrum_ipip.c | 183 ++++++-
.../net/ethernet/mellanox/mlxsw/spectrum_ipip.h | 12 +
.../net/ethernet/mellanox/mlxsw/spectrum_router.c | 539 +++++++++++++++------
.../net/ethernet/mellanox/mlxsw/spectrum_router.h | 29 +-
6 files changed, 614 insertions(+), 175 deletions(-)
--
2.9.5
Powered by blists - more mailing lists