Date: Fri, 8 Feb 2019 07:34:10 +0000
From: Ido Schimmel <idosch@...lanox.com>
To: David Ahern <dsahern@...il.com>
CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "davem@...emloft.net" <davem@...emloft.net>, Jiri Pirko <jiri@...lanox.com>, Alexander Petrovskiy <alexpe@...lanox.com>, mlxsw <mlxsw@...lanox.com>
Subject: Re: [PATCH net-next 1/2] mlxsw: spectrum_router: Offload blackhole routes

On Thu, Feb 07, 2019 at 04:40:11PM -0800, David Ahern wrote:
> On 2/6/19 11:42 AM, Ido Schimmel wrote:
> > Create a new FIB entry type for blackhole routes and set it in case the
> > type of the notified route is 'RTN_BLACKHOLE'.
> >
> > Program such routes with a discard action and mark them as offloaded
> > since the device is dropping the packets instead of the kernel.
> >
> > Signed-off-by: Ido Schimmel <idosch@...lanox.com>
> > Acked-by: Jiri Pirko <jiri@...lanox.com>
> > ---
> >  .../ethernet/mellanox/mlxsw/spectrum_router.c | 27 +++++++++++++++++--
> >  1 file changed, 25 insertions(+), 2 deletions(-)
> >
>
> One of the feature requests from the FRR team (and a feature I have
> implemented) is a blackhole nexthop. The idea is that prefixes are
> installed pointing to nexthop id N. That nexthop definition can be
> atomically updated to go between a device / gateway and a blackhole.
>
>
> [ prefix ] --> [ nhid 1 ] --> [ dev1 / gateway1 ]
>
>
> [ prefix ] --> [ nhid 1 ] --> [ blackhole ]
>
>
> [ prefix ] --> [ nhid 1 ] --> [ dev2 / gateway2 ]
>
> Do you see this working ok with mlxsw without having to update the
> prefix entries (which can be numerous) directly?

Yes. This patch configures the route itself to drop packets, but we can
instead configure it as a remote route and configure the adjacency entry
to drop packets. If you later want to change X routes using this
blackhole nexthop to a different one, then create the new one and tell
the hardware to do the switch in a single operation. It will basically
grep over all configured routes and do:

s/blackhole_adjacency_index/new_adjacency_index/
s/black_ecmp_size/new_ecmp_size/

See RALEU in drivers/net/ethernet/mellanox/mlxsw/reg.h

I assume that user can't put blackhole and normal nexthops in the same
group?