lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20200224073558.26500-1-jiri@resnulli.us>
Date:   Mon, 24 Feb 2020 08:35:42 +0100
From:   Jiri Pirko <jiri@...nulli.us>
To:     netdev@...r.kernel.org
Cc:     davem@...emloft.net, kuba@...nel.org, idosch@...lanox.com,
        mlxsw@...lanox.com
Subject: [patch net-next 00/16] mlxsw: Introduce ACL traps

From: Jiri Pirko <jiri@...lanox.com>

This patchset allows to track packets that are dropped in HW by ACL.

Unlike the existing mlxsw traps, ACL traps are "source traps".
That means the action is not controlled by HPKT register but directly
in ACL TRAP action. When devlink user changes action from drop to trap
and vice versa, it would be needed to go over all instances of ACL TRAP
action and do change. That does not scale. Instead, resolve this
by introducing "dummy" group with "thin" policer. The purpose of
this policer is to drop as many packets as possible. The ones
that pass through are going to be dropped in devlink code - patch #6
takes care of that.

First four patches are preparation for introduction of ACL traps in mlxsw
so it possible to easily change from drop to trap for source traps
as well - by changing group to "dummy" and back.

Jiri Pirko (16):
  mlxsw: spectrum_trap: Set unreg_action to be SET_FW_DEFAULT
  mlxsw: core: Allow to register disabled traps using MLXSW_RXL_DIS
  mlxsw: spectrum_trap: Use listener->en/dis_action instead of
    hard-coded values
  mlxsw: spectrum_trap: Prepare mlxsw_core_trap_action_set() to handle
    not only action
  devlink: add ACL generic packet traps
  mlxsw: spectrum_acl: Track ingress and egress block bindings
  mlxsw: spectrum_flower: Disable mixed bound blocks to contain action
    drop
  mlxsw: spectrum_acl: Pass the ingress indication down to flex action
  mlxsw: acl_flex_actions: Trap all ACL dropped packets to DISCARD_*_ACL
    traps
  mlxsw: core: Allow to enable/disable rx_listener for trap
  mlxsw: core: Extend MLXSW_RXL_DIS to register disabled trap group
  mlxsw: spectrum_trap: Introduce dummy group with thin policer
  mlxsw: spectrum_trap: Add ACL devlink-trap support
  selftests: introduce test for mlxsw tc flower restrictions
  selftests: pass pref and handle to devlink_trap_drop_* helpers
  selftests: devlink_trap_acl_drops: Add ACL traps test

 .../networking/devlink/devlink-trap.rst       |   9 ++
 drivers/net/ethernet/mellanox/mlxsw/core.c    |  77 ++++++---
 drivers/net/ethernet/mellanox/mlxsw/core.h    |  83 ++++++----
 .../mellanox/mlxsw/core_acl_flex_actions.c    |   8 +-
 .../mellanox/mlxsw/core_acl_flex_actions.h    |   2 +-
 drivers/net/ethernet/mellanox/mlxsw/reg.h     |   2 +
 .../net/ethernet/mellanox/mlxsw/spectrum.h    |   9 +-
 .../ethernet/mellanox/mlxsw/spectrum_acl.c    |  37 ++++-
 .../ethernet/mellanox/mlxsw/spectrum_flower.c |  21 ++-
 .../ethernet/mellanox/mlxsw/spectrum_trap.c   |  59 +++++--
 drivers/net/ethernet/mellanox/mlxsw/trap.h    |   2 +
 include/net/devlink.h                         |   9 ++
 net/core/devlink.c                            |   3 +
 .../net/mlxsw/devlink_trap_acl_drops.sh       | 151 ++++++++++++++++++
 .../net/mlxsw/devlink_trap_l2_drops.sh        |  28 ++--
 .../net/mlxsw/devlink_trap_l3_drops.sh        |  44 ++---
 .../net/mlxsw/devlink_trap_tunnel_vxlan.sh    |   4 +-
 .../net/mlxsw/tc_flower_restrictions.sh       | 100 ++++++++++++
 .../selftests/net/forwarding/devlink_lib.sh   |   7 +-
 19 files changed, 539 insertions(+), 116 deletions(-)
 create mode 100755 tools/testing/selftests/drivers/net/mlxsw/devlink_trap_acl_drops.sh
 create mode 100755 tools/testing/selftests/drivers/net/mlxsw/tc_flower_restrictions.sh

-- 
2.21.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ