Date:   Thu, 09 Nov 2017 17:11:11 +0200
From:   Roman Yeryomin <roman@...em.lv>
To:     Andrew Lunn <andrew@...n.ch>
Cc:     Linus Walleij <linus.walleij@...aro.org>,
        Vivien Didelot <vivien.didelot@...oirfairelinux.com>,
        Florian Fainelli <f.fainelli@...il.com>,
        netdev@...r.kernel.org,
        Antti Seppälä <a.seppala@...il.com>,
        Colin Leitner <colin.leitner@...glemail.com>,
        Gabor Juhos <juhosg@...nwrt.org>
Subject: Re: [PATCH 4/4] RFC: net: dsa: realtek-smi: Add Realtek SMI driver

On 2017-11-09 15:24, Andrew Lunn wrote:
>> Although it could be a good thing to bring this to mainline, I'm kind
>> of pessimistic about supporting such switches in DSA/switchdev. IMO
>> swconfig does a better job for now.
> 
> I think the important point here is "... for now"

... as always, probably

>> Unless switchdev could be expanded to support other functions beyond
>> VLAN, like port rate control, ACL, HW NAT (no, switchdev L3 offload
>> doesn't fit this), etc.
> 
> Switchdev allows offloading of TC. So port rate control would be
> implemented via TC.

That's interesting. Are there any examples implemented?

> By ACL do you mean filtering MAC addresses?

Not only. Usually ACL means defining an action with rules matching MAC/IP
address, physical or TCP/IP port, VID, Ethertype or even custom bytes.
And actions could be drop, assign rate, change VID/priority, force L3
offload or mirroring, redirect/copy to CPU port.

> iptables? The Broadcom SF2 allows some access to its TCAM using
> standard methods. More will come with time.

That's OK, if it's doable with current design.

> Offload of iptables is in
> the works. Pablo posted some patches this month laying the foundations
> of HW NAT.

Yes, that's what I referred to in my previous email.
But the question is how exactly it will be done?
Will the switch support be spread all over the kernel?
Or will switchdev provide an API for all the others?


Regards,
Roman
