Date:   Fri, 26 Apr 2019 16:32:58 +0200
From:   Jiri Pirko <jiri@...nulli.us>
To:     Pablo Neira Ayuso <pablo@...filter.org>
Cc:     netfilter-devel@...r.kernel.org, davem@...emloft.net,
        netdev@...r.kernel.org, jiri@...lanox.com,
        john.hurley@...ronome.com, jakub.kicinski@...ronome.com,
        ogerlitz@...lanox.com
Subject: Re: [PATCH net-next,RFC 0/9] net: sched: prepare to reuse per-block
 callbacks from netfilter

Fri, Apr 26, 2019 at 02:33:37AM CEST, pablo@...filter.org wrote:
>Hi,
>
>This patchset aims to introduce changes to reuse the existing .ndo_setup_tc
>netdev operations from netfilter.
>
>The idea is to move tcf_block_cb to net/core/flow_offload.c and rename
>it to flow_block_cb. This object provides the minimal infrastructure to
>set up per-block callbacks that are called to offload policies to
>hardware.
>
>The tcf_block object is specific for TC to share policies between
>ingress devices. This object has a list of tcf_block_cb objects that are
>called to offload the policies to hardware. In netfilter, the idea is to
>store the list of tcf_block_cb objects in a chain that would be bound to
>several devices, e.g.
>
>  chain x {
>	type filter hook ingress devices = { eth0, eth1 } priority 0;
>	...
>  }
>

Do you have the follow-up patchset somewhere? I'm curious about your
goal. Without that, it is hard to understand what you are getting at.


>Hence, this emulates the shared blocks available in TC that Jiri made.
>
>Note that the list of tcf_block_cb objects will be called to offload
>policies in this chain.

So you are going to use chain_id (if there is anything like that) as
block_index during offload, right?


>
>To reuse this infrastructure, I need to remove the dependency with the
>tcf_block object and tc/cls_api (see .reoffload) that is called from the
>driver side, this patchset reworks the per-block callback infrastructure
>to set up the tcf_block_cb object from the driver, then convey the list
>of callbacks using the tc_block_offload object back to the core.
>
>            cls_api                         driver
>	TC_SETUP_BLOCK    ---------->  setup tcf_block_cb
>       tc_block_offload           add it to tc_block_offload->cb_list
>                                                |
>          register     <------------------------'
>         tcf_block_cb
>         ->reoffload
>
>Therefore, registration does not happen from drivers anymore, instead
>it is done from the core. The driver just sets up the tcf_block_cb
>object that wires up the connection between the offloaded block (chains
>in case of netfilter) and the driver.
>
>This patchset is compile tested only at this stage.
>
>Comments welcome, thanks.
>
>Pablo Neira Ayuso (9):
>  net: sched: move tcf_block_cb before indr_block
>  net: sched: add tcf_block_cb_alloc()
>  net: sched: add tcf_block_cb_free()
>  net: sched: add tcf_block_setup()
>  net: sched: add release callback to struct tcf_block_cb
>  net: sched: add tcf_setup_block_offload()
>  net: use tcf_block_setup() infrastructure
>  net: sched: remove tcf_block_cb_{register,unregister}()
>  net: cls_api: do not expose tcf_block to drivers
>
> drivers/net/ethernet/broadcom/bnxt/bnxt.c          |  26 +-
> drivers/net/ethernet/broadcom/bnxt/bnxt_vfr.c      |  28 +-
> drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c    |  26 +-
> drivers/net/ethernet/intel/i40e/i40e_main.c        |  26 +-
> drivers/net/ethernet/intel/iavf/iavf_main.c        |  35 +-
> drivers/net/ethernet/intel/igb/igb_main.c          |  23 +-
> drivers/net/ethernet/intel/ixgbe/ixgbe_main.c      |  27 +-
> drivers/net/ethernet/mellanox/mlx5/core/en_main.c  |  27 +-
> drivers/net/ethernet/mellanox/mlx5/core/en_rep.c   |  59 +-
> drivers/net/ethernet/mellanox/mlxsw/spectrum.c     |  64 ++-
> drivers/net/ethernet/netronome/nfp/abm/cls.c       |  17 +-
> drivers/net/ethernet/netronome/nfp/bpf/main.c      |  29 +-
> .../net/ethernet/netronome/nfp/flower/offload.c    |  62 +--
> drivers/net/ethernet/qlogic/qede/qede_main.c       |  23 +-
> drivers/net/ethernet/stmicro/stmmac/stmmac_main.c  |  22 +-
> drivers/net/netdevsim/netdev.c                     |  26 +-
> include/net/pkt_cls.h                              |  29 +-
> net/dsa/slave.c                                    |  15 +-
> net/sched/cls_api.c                                | 598 ++++++++++++---------
> 19 files changed, 528 insertions(+), 634 deletions(-)
>
>-- 
>2.11.0
