Date:   Fri, 26 Apr 2019 02:33:37 +0200
From:   Pablo Neira Ayuso <pablo@...filter.org>
To:     netfilter-devel@...r.kernel.org
Cc:     davem@...emloft.net, netdev@...r.kernel.org, jiri@...lanox.com,
        john.hurley@...ronome.com, jakub.kicinski@...ronome.com,
        ogerlitz@...lanox.com
Subject: [PATCH net-next,RFC 0/9] net: sched: prepare to reuse per-block callbacks from netfilter

Hi,

This patchset aims to introduce changes to reuse the existing .ndo_setup_tc
netdev operations from netfilter.

The idea is to move tcf_block_cb to net/core/flow_offload.c and rename
it to flow_block_cb. This object provides the minimal infrastructure to
set up per-block callbacks that are called to offload policies to
hardware.

The tcf_block object is specific for TC to share policies between
ingress devices. This object has a list of tcf_block_cb objects that are
called to offload the policies to hardware. In netfilter, the idea is to
store the list of tcf_block_cb objects in a chain that would be bound to
several devices, e.g.

  chain x {
	type filter hook ingress devices = { eth0, eth1 } priority 0;
	...
  }

Hence, this emulates the shared blocks available in TC that Jiri made.

Note that the list of tcf_block_cb objects will be called to offload
policies in this chain.

To reuse this infrastructure, I need to remove the dependency on the
tcf_block object and tc/cls_api (see .reoffload) that is called from the
driver side. This patchset reworks the per-block callback infrastructure
to set up the tcf_block_cb object from the driver, then convey the list
of callbacks using the tc_block_offload object back to the core.

            cls_api                         driver
        TC_SETUP_BLOCK    ---------->  setup tcf_block_cb
       tc_block_offload           add it to tc_block_offload->cb_list
                                                |
          register     <------------------------'
         tcf_block_cb
         ->reoffload

Therefore, registration does not happen from drivers anymore, instead
it is done from the core. The driver just sets up the tcf_block_cb
object that wires up the connection between the offloaded block (chains
in case of netfilter) and the driver.

This patchset is compile tested only at this stage.

Comments welcome, thanks.

Pablo Neira Ayuso (9):
  net: sched: move tcf_block_cb before indr_block
  net: sched: add tcf_block_cb_alloc()
  net: sched: add tcf_block_cb_free()
  net: sched: add tcf_block_setup()
  net: sched: add release callback to struct tcf_block_cb
  net: sched: add tcf_setup_block_offload()
  net: use tcf_block_setup() infrastructure
  net: sched: remove tcf_block_cb_{register,unregister}()
  net: cls_api: do not expose tcf_block to drivers

 drivers/net/ethernet/broadcom/bnxt/bnxt.c          |  26 +-
 drivers/net/ethernet/broadcom/bnxt/bnxt_vfr.c      |  28 +-
 drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c    |  26 +-
 drivers/net/ethernet/intel/i40e/i40e_main.c        |  26 +-
 drivers/net/ethernet/intel/iavf/iavf_main.c        |  35 +-
 drivers/net/ethernet/intel/igb/igb_main.c          |  23 +-
 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c      |  27 +-
 drivers/net/ethernet/mellanox/mlx5/core/en_main.c  |  27 +-
 drivers/net/ethernet/mellanox/mlx5/core/en_rep.c   |  59 +-
 drivers/net/ethernet/mellanox/mlxsw/spectrum.c     |  64 ++-
 drivers/net/ethernet/netronome/nfp/abm/cls.c       |  17 +-
 drivers/net/ethernet/netronome/nfp/bpf/main.c      |  29 +-
 .../net/ethernet/netronome/nfp/flower/offload.c    |  62 +--
 drivers/net/ethernet/qlogic/qede/qede_main.c       |  23 +-
 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c  |  22 +-
 drivers/net/netdevsim/netdev.c                     |  26 +-
 include/net/pkt_cls.h                              |  29 +-
 net/dsa/slave.c                                    |  15 +-
 net/sched/cls_api.c                                | 598 ++++++++++++---------
 19 files changed, 528 insertions(+), 634 deletions(-)

-- 
2.11.0
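
A userspace C model of the flow in the diagram above, added here as an illustration and not code from the patchset: the driver only builds the callback and queues it on cb_list, and the core performs the registration. All model_* names, struct layouts and signatures are assumptions; the page does not show the real ones.

```c
/* Userspace model, not kernel code; all model_* names and layouts are assumptions. */
#include <stdlib.h>
typedef int (*model_cb_fn)(void *cb_priv, const char *policy);
struct model_block_cb {                 /* stands in for tcf_block_cb */
    struct model_block_cb *next;
    model_cb_fn cb;
    void *cb_priv;
};
struct model_block_offload { struct model_block_cb *cb_list; }; /* tc_block_offload */
struct model_chain { struct model_block_cb *cbs; };  /* block or netfilter chain */

/* Driver: only allocates the callback and queues it on cb_list (freeing not modeled). */
static int model_driver_setup(struct model_block_offload *bo, model_cb_fn fn, void *priv)
{
    struct model_block_cb *cb = malloc(sizeof(*cb));
    if (!cb)
        return -1;
    *cb = (struct model_block_cb){ .next = bo->cb_list, .cb = fn, .cb_priv = priv };
    bo->cb_list = cb;
    return 0;
}

/* Core: registration happens here, moving cb_list onto the chain. */
static int model_core_register(struct model_chain *chain, struct model_block_offload *bo)
{
    int n = 0;
    for (struct model_block_cb *cb; (cb = bo->cb_list) != NULL; n++) {
        bo->cb_list = cb->next;
        cb->next = chain->cbs;
        chain->cbs = cb;
    }
    return n;
}

/* Core: offload one policy through every registered callback. */
static int model_chain_offload(struct model_chain *chain, const char *policy)
{
    int ok = 0;
    for (struct model_block_cb *cb = chain->cbs; cb; cb = cb->next)
        ok += (cb->cb(cb->cb_priv, policy) == 0);
    return ok;
}

/* Constructed driver callback: counts policies offloaded to one port. */
static int model_port_cb(void *cb_priv, const char *policy)
{
    (void)policy;
    ++*(int *)cb_priv;
    return 0;
}
```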
