Date:   Thu, 20 Dec 2018 15:51:00 +0200
From:   Or Gerlitz <gerlitz.or@...il.com>
To:     Pablo Neira Ayuso <pablo@...filter.org>
Cc:     Jakub Kicinski <jakub.kicinski@...ronome.com>,
        Linux Netdev List <netdev@...r.kernel.org>,
        David Miller <davem@...emloft.net>, thomas.lendacky@....com,
        Florian Fainelli <f.fainelli@...il.com>,
        Ariel Elior <ariel.elior@...ium.com>,
        Michael Chan <michael.chan@...adcom.com>, santosh@...lsio.com,
        madalin.bucur@....com,
        "Zhuangyuzeng (Yisen)" <yisen.zhuang@...wei.com>,
        Salil Mehta <salil.mehta@...wei.com>,
        Jeff Kirsher <jeffrey.t.kirsher@...el.com>,
        Tariq Toukan <tariqt@...lanox.com>,
        Saeed Mahameed <saeedm@...lanox.com>,
        Jiri Pirko <jiri@...lanox.com>,
        Ido Schimmel <idosch@...lanox.com>, peppe.cavallaro@...com,
        grygorii.strashko@...com, Andrew Lunn <andrew@...n.ch>,
        Vivien Didelot <vivien.didelot@...oirfairelinux.com>,
        alexandre.torgue@...com, joabreu@...opsys.com,
        linux-net-drivers@...arflare.com,
        Ganesh Goudar <ganeshgr@...lsio.com>,
        Or Gerlitz <ogerlitz@...lanox.com>, Manish.Chopra@...ium.com,
        Marcelo Ricardo Leitner <marcelo.leitner@...il.com>,
        mkubecek@...e.cz, venkatkumar.duvvuru@...adcom.com,
        julia.lawall@...6.fr, John Fastabend <john.fastabend@...il.com>,
        Jamal Hadi Salim <jhs@...atatu.com>
Subject: Re: [PATCH net-next,v6 00/12] add flow_rule infrastructure

On Thu, Dec 20, 2018 at 2:35 PM Pablo Neira Ayuso <pablo@...filter.org> wrote:
> On Wed, Dec 19, 2018 at 04:26:53PM -0800, Jakub Kicinski wrote:

> > I'm confused, could you rephrase?  How does your work help such devices?
> > How is tc not suitable for them?

> There are two HW offload usecases:
>
> #1 Policy resides in software, CPU host sees initial packets, based on
>    policy, you place flows into hardware via nf_flow_table infrastructure.
>    This usecase is fine in your NIC since you assume host CPU can cope
>    with policy in software for these few initial packets of the flow.
>    However, switches usually have a small CPU to run control plane
>    software only. There we _cannot_ use this approach.
>
> #2 Policy resides in hardware. For the usecase of switches with small
>    CPU, the ACL is deployed in hardware. We use the host CPU to run
>    control plane configurations only.
>
> This patchset _is not_ related to #1, this patchset _is_ related to #2.

Confused, isn't this patch set related to connection tracking offloads
on modern NIC HWs?

> So far, there is infrastructure in Netfilter to do #1, it should be
> possible to use it from TC too. In TC, there is infrastructure for #2
> which can be reused from Netfilter.
