| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 2 Dec 2019 11:37:05 +0800 From: wenxu <wenxu@...oud.cn> To: Paul Blakey <paulb@...lanox.com> Cc: "netdev@...r.kernel.org" <netdev@...r.kernel.org> Subject: Re: Question about flow table offload in mlx5e Hi Paul, Sorry for trouble you again. I think it is a problem in ft callback. Can your help me fix it. Thx! I did the test like you with route tc rules to ft callback. # ifconfig mlx_p0 172.168.152.75/24 up # ip n r 172.16.152.241 lladdr fa:fa:ff:ff:ff:ff dev mlx_p0 # ip l add dev tun1 type gretap external # tc qdisc add dev tun1 ingress # tc qdisc add dev mlx_pf0vf0 ingress # tc filter add dev mlx_pf0vf0 pref 2 ingress protocol ip flower skip_sw action tunnel_key set dst_ip 172.168.152.241 src_ip 0 id 1000 nocsum pipe action mirred egress redirect dev tun1 In The vm: # ifconfig eth0 10.0.0.75/24 up # ip n r 10.0.0.77 lladdr fa:ff:ff:ff:ff:ff dev eth0 # iperf -c 10.0.0.77 -t 100 -i 2 The syn packets can be offloaded successfully. # # tc -s filter ls dev mlx_pf0vf0 ingress filter protocol ip pref 2 flower chain 0 filter protocol ip pref 2 flower chain 0 handle 0x1 eth_type ipv4 skip_sw in_hw in_hw_count 1 action order 1: tunnel_key set src_ip 0.0.0.0 dst_ip 172.168.152.241 key_id 1000 nocsum pipe index 1 ref 1 bind 1 installed 252 sec used 252 sec Action statistics: Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 action order 2: mirred (Egress Redirect to device tun1) stolen index 1 ref 1 bind 1 installed 252 sec used 110 sec Action statistics: Sent 3420 bytes 11 pkt (dropped 0, overlimits 0 requeues 0) Sent software 0 bytes 0 pkt Sent hardware 3420 bytes 11 pkt backlog 0b 0p requeues 0 But Then I add another decap filter on tun1: tc filter add dev tun1 pref 2 ingress protocol ip flower enc_key_id 1000 enc_src_ip 172.168.152.241 action tunnel_key unset pipe action mirred egress redirect dev mlx_pf0vf0 # iperf -c 10.0.0.77 -t 100 -i 2 The syn packets can't be offloaded. The tc filter counter is also not increase. # tc -s filter ls dev mlx_pf0vf0 ingress filter protocol ip pref 2 flower chain 0 filter protocol ip pref 2 flower chain 0 handle 0x1 eth_type ipv4 skip_sw in_hw in_hw_count 1 action order 1: tunnel_key set src_ip 0.0.0.0 dst_ip 172.168.152.241 key_id 1000 nocsum pipe index 1 ref 1 bind 1 installed 320 sec used 320 sec Action statistics: Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 action order 2: mirred (Egress Redirect to device tun1) stolen index 1 ref 1 bind 1 installed 320 sec used 178 sec Action statistics: Sent 3420 bytes 11 pkt (dropped 0, overlimits 0 requeues 0) Sent software 0 bytes 0 pkt Sent hardware 3420 bytes 11 pkt backlog 0b 0p requeues 0 # tc -s filter ls dev tun1 ingress filter protocol ip pref 2 flower chain 0 filter protocol ip pref 2 flower chain 0 handle 0x1 eth_type ipv4 enc_src_ip 172.168.152.241 enc_key_id 1000 in_hw in_hw_count 1 action order 1: tunnel_key unset pipe index 2 ref 1 bind 1 installed 391 sec used 391 sec Action statistics: Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 action order 2: mirred (Egress Redirect to device mlx_pf0vf0) stolen index 2 ref 1 bind 1 installed 391 sec used 391 sec Action statistics: Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 So there maybe some problem for ft callback setup. When there is another reverse decap rule add in tunnel device, The encap rule will not offloaded the packets. Expect your help Thx! BR wenxu
Powered by blists - more mailing lists