lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180314155138.GE2130@nanopsycho>
Date:   Wed, 14 Mar 2018 16:51:38 +0100
From:   Jiri Pirko <jiri@...nulli.us>
To:     Jakub Kicinski <jakub.kicinski@...ronome.com>
Cc:     Or Gerlitz <gerlitz.or@...il.com>, Jiri Pirko <jiri@...lanox.com>,
        Rabie Loulou <rabiel@...lanox.com>,
        John Hurley <john.hurley@...ronome.com>,
        Simon Horman <simon.horman@...ronome.com>,
        Linux Netdev List <netdev@...r.kernel.org>,
        mlxsw <mlxsw@...lanox.com>,
        Yevgeny Kliteynik <kliteyn@...lanox.com>,
        Paul Blakey <paulb@...lanox.com>
Subject: Re: [RFC net-next 2/6] driver: net: bonding: allow registration of
 tc offload callbacks in bond

Wed, Mar 14, 2018 at 02:50:02AM CET, jakub.kicinski@...ronome.com wrote:
>On Tue, 13 Mar 2018 17:53:39 +0200, Or Gerlitz wrote:
>> > Starting with type 2, in our current NIC HW APIs we have to duplicate
>> > these rules
>> > into two rules set to HW:
>> >
>> > 2.1 VF rep --> uplink 0
>> > 2.2 VF rep --> uplink 1
>> >
>> > and we do that in the driver (add/del two HW rules, combine the stat
>> > results, etc)
>
>Ack, I think our HW API also will require us to duplicate the rules
>today, but IMHO we should implement some common helper module in the
>core that would work for any block sharing rather than bond specific
>solution.

But how? Only the driver knows if in case it has 2 netdevices if the HW
is capable of share or not. And accordingly, it registers 1cb instance
or 2cb instances (1 for each netdev). I don't see how you can move it in
core...


>
>> > 3. ingress rule on VF rep port with shared tunnel device being the
>> > egress (encap)
>> > and where the routing of the underlay (tunnel) goes through LAG.
>> >
>> > in our case, this is like 2.1/2.2 above, offload two rules, combine stats
>> >
>> > 4. ingress rule shared tunnel device being the ingress and VF rep port
>> > being the egress (decap)
>> >
>> > this uses the egdev facility to be offloaded into the our driver, and
>> > then in the driver
>> > we will treat it like type 1, two rules need to be installed into HW,
>> > but now, we can't delegate them
>> > from the vxlan device b/c it has no direct connection with the bond.
>
>Let's get rid of the egdev crutch first then :]

I don't see how you can do it. Note that this exists to catch insertions
of rules that have "mirred redirect" to the dev which is interested in
the rules. Originally it was done in a very ugly way (please see git
history), and I converted it to egdev - I was not able to find any nicer
solution :/ Any ideas for improvement?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ