lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 2 Dec 2019 11:37:05 +0800
From:   wenxu <wenxu@...oud.cn>
To:     Paul Blakey <paulb@...lanox.com>
Cc:     "netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: Question about flow table offload in mlx5e

Hi Paul,


Sorry for trouble you again. I think it is a problem in ft callback.

Can your help me fix it. Thx!

I did the test like you with route tc rules to ft callback.

# ifconfig mlx_p0 172.168.152.75/24 up
# ip n r 172.16.152.241 lladdr fa:fa:ff:ff:ff:ff dev mlx_p0

# ip l add dev tun1 type gretap external
# tc qdisc add dev tun1 ingress
# tc qdisc add dev mlx_pf0vf0 ingress

# tc filter add dev mlx_pf0vf0 pref 2 ingress  protocol ip flower skip_sw  action tunnel_key set dst_ip 172.168.152.241 src_ip 0 id 1000 nocsum pipe action mirred egress redirect dev tun1


In The vm:
# ifconfig eth0 10.0.0.75/24 up
# ip n r 10.0.0.77 lladdr fa:ff:ff:ff:ff:ff dev eth0

# iperf -c 10.0.0.77 -t 100 -i 2

The syn packets can be offloaded successfully.

# # tc -s filter ls dev mlx_pf0vf0 ingress
filter protocol ip pref 2 flower chain 0 
filter protocol ip pref 2 flower chain 0 handle 0x1 
  eth_type ipv4
  skip_sw
  in_hw in_hw_count 1
	action order 1: tunnel_key  set
	src_ip 0.0.0.0
	dst_ip 172.168.152.241
	key_id 1000
	nocsum pipe
	 index 1 ref 1 bind 1 installed 252 sec used 252 sec
	Action statistics:
	Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
	backlog 0b 0p requeues 0

	action order 2: mirred (Egress Redirect to device tun1) stolen
 	index 1 ref 1 bind 1 installed 252 sec used 110 sec
 	Action statistics:
	Sent 3420 bytes 11 pkt (dropped 0, overlimits 0 requeues 0) 
	Sent software 0 bytes 0 pkt
	Sent hardware 3420 bytes 11 pkt
	backlog 0b 0p requeues 0

But Then I add another decap filter on tun1:

tc filter add dev tun1 pref 2 ingress protocol ip flower enc_key_id 1000 enc_src_ip 172.168.152.241 action tunnel_key unset pipe action mirred egress redirect dev mlx_pf0vf0

# iperf -c 10.0.0.77 -t 100 -i 2

The syn packets can't be offloaded. The tc filter counter is also not increase.


# tc -s filter ls dev mlx_pf0vf0 ingress
filter protocol ip pref 2 flower chain 0 
filter protocol ip pref 2 flower chain 0 handle 0x1 
  eth_type ipv4
  skip_sw
  in_hw in_hw_count 1
	action order 1: tunnel_key  set
	src_ip 0.0.0.0
	dst_ip 172.168.152.241
	key_id 1000
	nocsum pipe
	 index 1 ref 1 bind 1 installed 320 sec used 320 sec
	Action statistics:
	Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
	backlog 0b 0p requeues 0

	action order 2: mirred (Egress Redirect to device tun1) stolen
 	index 1 ref 1 bind 1 installed 320 sec used 178 sec
 	Action statistics:
	Sent 3420 bytes 11 pkt (dropped 0, overlimits 0 requeues 0) 
	Sent software 0 bytes 0 pkt
	Sent hardware 3420 bytes 11 pkt
	backlog 0b 0p requeues 0

# tc -s filter ls dev tun1 ingress
filter protocol ip pref 2 flower chain 0 
filter protocol ip pref 2 flower chain 0 handle 0x1 
  eth_type ipv4
  enc_src_ip 172.168.152.241
  enc_key_id 1000
  in_hw in_hw_count 1
	action order 1: tunnel_key  unset pipe
	 index 2 ref 1 bind 1 installed 391 sec used 391 sec
	Action statistics:
	Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
	backlog 0b 0p requeues 0

	action order 2: mirred (Egress Redirect to device mlx_pf0vf0) stolen
 	index 2 ref 1 bind 1 installed 391 sec used 391 sec
 	Action statistics:
	Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
	backlog 0b 0p requeues 0


So there maybe some problem for ft callback setup. When there is another reverse
decap rule add in tunnel device, The encap rule will not offloaded the packets.

Expect your help Thx!


BR
wenxu








Powered by blists - more mailing lists