lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 06 Sep 2019 14:59:35 +0200 (CEST)
From:   David Miller <davem@...emloft.net>
To:     paulb@...lanox.com
Cc:     pshelar@....org, netdev@...r.kernel.org, jpettit@...ira.com,
        simon.horman@...ronome.com, marcelo.leitner@...il.com,
        vladbu@...lanox.com, jiri@...lanox.com, roid@...lanox.com,
        yossiku@...lanox.com, ronye@...lanox.com, ozsh@...lanox.com
Subject: Re: [PATCH net-next v4 1/1] net: openvswitch: Set OvS recirc_id
 from tc chain index

From: Paul Blakey <paulb@...lanox.com>
Date: Wed,  4 Sep 2019 16:56:37 +0300

> Offloaded OvS datapath rules are translated one to one to tc rules,
> for example the following simplified OvS rule:
> 
> recirc_id(0),in_port(dev1),eth_type(0x0800),ct_state(-trk) actions:ct(),recirc(2)
> 
> Will be translated to the following tc rule:
> 
> $ tc filter add dev dev1 ingress \
> 	    prio 1 chain 0 proto ip \
> 		flower tcp ct_state -trk \
> 		action ct pipe \
> 		action goto chain 2
> 
> Received packets will first travel though tc, and if they aren't stolen
> by it, like in the above rule, they will continue to OvS datapath.
> Since we already did some actions (action ct in this case) which might
> modify the packets, and updated action stats, we would like to continue
> the proccessing with the correct recirc_id in OvS (here recirc_id(2))
> where we left off.
> 
> To support this, introduce a new skb extension for tc, which
> will be used for translating tc chain to ovs recirc_id to
> handle these miss cases. Last tc chain index will be set
> by tc goto chain action and read by OvS datapath.
> 
> Signed-off-by: Paul Blakey <paulb@...lanox.com>
> Signed-off-by: Vlad Buslov <vladbu@...lanox.com>
> Acked-by: Jiri Pirko <jiri@...lanox.com>
> ---
> Changelog:
> V3->V4:
> 	Removed changes to tcf_result, instead us action return value to get chain index

Applied to net-next.

Powered by blists - more mailing lists