| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Feb 2020 08:35:42 +0100
From: Jiri Pirko <jiri@...nulli.us>
To: netdev@...r.kernel.org
Cc: davem@...emloft.net, kuba@...nel.org, idosch@...lanox.com,
mlxsw@...lanox.com
Subject: [patch net-next 00/16] mlxsw: Introduce ACL traps
From: Jiri Pirko <jiri@...lanox.com>
This patchset allows to track packets that are dropped in HW by ACL.
Unlike the existing mlxsw traps, ACL traps are "source traps".
That means the action is not controlled by HPKT register but directly
in ACL TRAP action. When devlink user changes action from drop to trap
and vice versa, it would be needed to go over all instances of ACL TRAP
action and do change. That does not scale. Instead, resolve this
by introducing "dummy" group with "thin" policer. The purpose of
this policer is to drop as many packets as possible. The ones
that pass through are going to be dropped in devlink code - patch #6
takes care of that.
First four patches are preparation for introduction of ACL traps in mlxsw
so it possible to easily change from drop to trap for source traps
as well - by changing group to "dummy" and back.
Jiri Pirko (16):
mlxsw: spectrum_trap: Set unreg_action to be SET_FW_DEFAULT
mlxsw: core: Allow to register disabled traps using MLXSW_RXL_DIS
mlxsw: spectrum_trap: Use listener->en/dis_action instead of
hard-coded values
mlxsw: spectrum_trap: Prepare mlxsw_core_trap_action_set() to handle
not only action
devlink: add ACL generic packet traps
mlxsw: spectrum_acl: Track ingress and egress block bindings
mlxsw: spectrum_flower: Disable mixed bound blocks to contain action
drop
mlxsw: spectrum_acl: Pass the ingress indication down to flex action
mlxsw: acl_flex_actions: Trap all ACL dropped packets to DISCARD_*_ACL
traps
mlxsw: core: Allow to enable/disable rx_listener for trap
mlxsw: core: Extend MLXSW_RXL_DIS to register disabled trap group
mlxsw: spectrum_trap: Introduce dummy group with thin policer
mlxsw: spectrum_trap: Add ACL devlink-trap support
selftests: introduce test for mlxsw tc flower restrictions
selftests: pass pref and handle to devlink_trap_drop_* helpers
selftests: devlink_trap_acl_drops: Add ACL traps test
.../networking/devlink/devlink-trap.rst | 9 ++
drivers/net/ethernet/mellanox/mlxsw/core.c | 77 ++++++---
drivers/net/ethernet/mellanox/mlxsw/core.h | 83 ++++++----
.../mellanox/mlxsw/core_acl_flex_actions.c | 8 +-
.../mellanox/mlxsw/core_acl_flex_actions.h | 2 +-
drivers/net/ethernet/mellanox/mlxsw/reg.h | 2 +
.../net/ethernet/mellanox/mlxsw/spectrum.h | 9 +-
.../ethernet/mellanox/mlxsw/spectrum_acl.c | 37 ++++-
.../ethernet/mellanox/mlxsw/spectrum_flower.c | 21 ++-
.../ethernet/mellanox/mlxsw/spectrum_trap.c | 59 +++++--
drivers/net/ethernet/mellanox/mlxsw/trap.h | 2 +
include/net/devlink.h | 9 ++
net/core/devlink.c | 3 +
.../net/mlxsw/devlink_trap_acl_drops.sh | 151 ++++++++++++++++++
.../net/mlxsw/devlink_trap_l2_drops.sh | 28 ++--
.../net/mlxsw/devlink_trap_l3_drops.sh | 44 ++---
.../net/mlxsw/devlink_trap_tunnel_vxlan.sh | 4 +-
.../net/mlxsw/tc_flower_restrictions.sh | 100 ++++++++++++
.../selftests/net/forwarding/devlink_lib.sh | 7 +-
19 files changed, 539 insertions(+), 116 deletions(-)
create mode 100755 tools/testing/selftests/drivers/net/mlxsw/devlink_trap_acl_drops.sh
create mode 100755 tools/testing/selftests/drivers/net/mlxsw/tc_flower_restrictions.sh
--
2.21.1
Powered by blists - more mailing lists