lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 20 Dec 2018 16:39:19 +0100
From:   Pablo Neira Ayuso <pablo@...filter.org>
To:     Or Gerlitz <gerlitz.or@...il.com>
Cc:     Jakub Kicinski <jakub.kicinski@...ronome.com>,
        Linux Netdev List <netdev@...r.kernel.org>,
        David Miller <davem@...emloft.net>, thomas.lendacky@....com,
        Florian Fainelli <f.fainelli@...il.com>,
        Ariel Elior <ariel.elior@...ium.com>,
        Michael Chan <michael.chan@...adcom.com>, santosh@...lsio.com,
        madalin.bucur@....com,
        "Zhuangyuzeng (Yisen)" <yisen.zhuang@...wei.com>,
        Salil Mehta <salil.mehta@...wei.com>,
        Jeff Kirsher <jeffrey.t.kirsher@...el.com>,
        Tariq Toukan <tariqt@...lanox.com>,
        Saeed Mahameed <saeedm@...lanox.com>,
        Jiri Pirko <jiri@...lanox.com>,
        Ido Schimmel <idosch@...lanox.com>, peppe.cavallaro@...com,
        grygorii.strashko@...com, Andrew Lunn <andrew@...n.ch>,
        Vivien Didelot <vivien.didelot@...oirfairelinux.com>,
        alexandre.torgue@...com, joabreu@...opsys.com,
        linux-net-drivers@...arflare.com,
        Ganesh Goudar <ganeshgr@...lsio.com>,
        Or Gerlitz <ogerlitz@...lanox.com>, Manish.Chopra@...ium.com,
        Marcelo Ricardo Leitner <marcelo.leitner@...il.com>,
        mkubecek@...e.cz, venkatkumar.duvvuru@...adcom.com,
        julia.lawall@...6.fr, John Fastabend <john.fastabend@...il.com>,
        Jamal Hadi Salim <jhs@...atatu.com>
Subject: Re: [PATCH net-next,v6 00/12] add flow_rule infrastructure

On Thu, Dec 20, 2018 at 03:51:00PM +0200, Or Gerlitz wrote:
> On Thu, Dec 20, 2018 at 2:35 PM Pablo Neira Ayuso <pablo@...filter.org> wrote:
> > On Wed, Dec 19, 2018 at 04:26:53PM -0800, Jakub Kicinski wrote:
> 
> > > I'm confused, could you rephrase?  How does you work help such devices?
> > > How is tc not suitable for them?
> 
> > There are two HW offload usecases:
> >
> > #1 Policy resides in software, CPU host sees initial packets, based on
> >    policy, you place flows into hardware via nf_flow_table infrastructure.
> >    This usecase is fine in your NIC since you assume host CPU can cope
> >    with policy in software for these few initial packets of the flow.
> >    However, switches usually have a small CPU to run control plane
> >    software only. There we _cannot_ use this approach.
> >
> > #2 Policy resides in hardware. For the usecase of switches with small
> >    CPU, the ACL is deployed in hardware. We use the host CPU to run
> >    control plane configurations only.
> >
> > This patchset _is not_ related to #1, this patchset _is_ related to #2.
> 
> confused, isn't this patch set related to connection tracking offloads
> on modern NIC HWs?

This patchset is aiming to unify ethtool_rxnfc and tc/cls_flower
representation to simplify driver codebase, ie. have a single parser
to populate HW IR. My immediate future work is to reuse this new
infrastructure to explore #2 for netfilter.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ