Message-Id: <1564931351-1036-1-git-send-email-john.hurley@netronome.com>
Date:   Sun,  4 Aug 2019 16:09:02 +0100
From:   John Hurley <john.hurley@...ronome.com>
To:     netdev@...r.kernel.org
Cc:     davem@...emloft.net, simon.horman@...ronome.com,
        jakub.kicinski@...ronome.com, oss-drivers@...ronome.com,
        John Hurley <john.hurley@...ronome.com>
Subject: [PATCH net-next 00/10] Support tunnels over VLAN in NFP

This patchset deals with tunnel encap and decap when the end-point IP
address is on an internal port (for example an OvS VLAN port). Tunnel
encap without VLAN is already supported in the NFP driver. This patchset
extends that to include a push VLAN along with tunnel header push.

Patches 1-4 extend the flow_offload IR API to include actions that use
skbedit to set the ptype of an SKB and that send a packet to port ingress
from the act_mirred module. Such actions are used in flower rules that
forward tunnel packets to internal ports where they can be decapsulated.
OvS and its TC API is an example of a user-space app that produces such
rules.

Patch 5 modifies the encap offload code to allow the pushing of a VLAN
header after a tunnel header push.

Patches 6-10 deal with tunnel decap when the end-point is on an internal
port. They detect 'pre-tunnel rules' which do not deal with tunnels
themselves but, rather, forward packets to internal ports where they
can be decapped if required. Such rules are offloaded to a table in HW
along with an indication of whether packets need to be passed to this
table or not (based on their destination MAC address). Matching against
this table prior to decapsulation in HW allows the correct parsing and
handling of outer VLANs on tunnelled packets and the correct updating of
stats for said 'pre-tunnel' rules.

John Hurley (10):
  net: tc_act: add skbedit_ptype helper functions
  net: sched: add skbedit of ptype action to hardware IR
  net: tc_act: add helpers to detect ingress mirred actions
  net: sched: add ingress mirred action to hardware IR
  nfp: flower: push vlan after tunnel in merge
  nfp: flower: detect potential pre-tunnel rules
  nfp: flower: verify pre-tunnel rules
  nfp: flower: offload pre-tunnel rules
  nfp: flower: remove offloaded MACs when reprs are applied to OvS
    bridges
  nfp: flower: encode mac indexes with pre-tunnel rule check

 drivers/net/ethernet/netronome/nfp/flower/action.c |  40 ++++-
 drivers/net/ethernet/netronome/nfp/flower/cmsg.h   |   4 +-
 drivers/net/ethernet/netronome/nfp/flower/main.c   |   1 +
 drivers/net/ethernet/netronome/nfp/flower/main.h   |  19 ++
 .../net/ethernet/netronome/nfp/flower/offload.c    | 186 ++++++++++++++++++-
 .../ethernet/netronome/nfp/flower/tunnel_conf.c    | 200 +++++++++++++++++++--
 include/net/flow_offload.h                         |   4 +
 include/net/tc_act/tc_mirred.h                     |  18 ++
 include/net/tc_act/tc_skbedit.h                    |  27 +++
 net/sched/cls_api.c                                |   9 +
 10 files changed, 476 insertions(+), 32 deletions(-)

-- 
2.7.4
