lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 9 Feb 2019 12:39:15 -0500
From:   Jamal Hadi Salim <>
To:     Edward Cree <>, netdev <>
Cc:     Jiri Pirko <>,
        Cong Wang <>,
        Or Gerlitz <>,
        Andy Gospodarek <>,
        PJ Waskiewicz <>,
        Anjali Singhai Jain <>,
        Jakub Kicinski <>
Subject: Re: TC stats / hw offload question

On 2019-02-08 5:26 a.m., Edward Cree wrote:
> On 06/02/19 02:20, Jamal Hadi Salim wrote:

>> tc match using flower blah \
>> action vlan push tag ... \
>> action redirect to egress of eth0
>> And you submited a packet of size x bytes,
>> then the "match" would record x bytes.
> Sorry, where would it record that?

Sorry - that was hypothetical on my part. We dont
record the bytes in the classifier. We do (on some
classifiers) record hit counts, so we can see how many
times a lookup on a specific filter happened and how
many times that lookup resulted in a match.
See u32 (or a few others Cong has been updating

>  I can't find any stats counters on
>   the "match" either in the software path or the offload API.

Hasnt been necessary thus far.
Is your end goal to match and count?
Most hardware has stats/counters as a separate table.
Assuming yours does as well, then if all you want was
to just match and accept, then you would add a filter
with an accept/ok. i.e something along the lines of:

tc match using flower blah \
action ok index 12345

The "action index" field can be used to map to a counter
table index in hardware. Note if you dont explicitly
specify the index, the kernel (and in this case h/w)
issues one for you.

>> the "vlan action" would record x bytes.
>> the "redirect" would record size x+vlaninfo bytes
>> the egress of eth0 would  recorr x+vlaninfo bytes
> Am I right in thinking that offloaded counters don't do that?  As far
>   as I can tell, the drivers with flower offload all use
>   tcf_exts_stats_update() which takes a single 'bytes' count and adds
>   it to all the actions.  (Presumably this is pre-edit length.)

On the pre/post edit, perhaps some of the hardware
owners could chime in +Ccing a few.

To the tcf_exts_stats_update():
Note, most people interested in h/w offload will choose to skip
sw (explicitly defined when you add  a rule).
The update synchronizes the hardware stats/counters
to the kernel - so when you dump the policies in such a setup
you are seeing what is reflected in hardware.


PS: I have to say just keeping one counter is at times
insufficient. Example, the policer records how many bytes
were seen, not how many bytes were allowed through.
For tunnels, it is easy to compute post-edit size because
you can easily compute later the added/removed bytes.

Powered by blists - more mailing lists