lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 29 May 2020 21:36:35 +0300
From:   Ido Schimmel <>
Cc:,,,, Ido Schimmel <>
Subject: [PATCH net-next 00/14] devlink: Add support for control packet traps

From: Ido Schimmel <>

So far device drivers were only able to register drop and exception
packet traps with devlink. These traps are used for packets that were
either dropped by the underlying device or encountered an exception
(e.g., missing neighbour entry) during forwarding.

However, in the steady state, the majority of the packets being trapped
to the CPU are packets that are required for the correct functioning of
the control plane. For example, ARP request and IGMP query packets.

This patch set allows device drivers to register such control traps with
devlink and expose their default control plane policy to user space.
User space can then tune the packet trap policer settings according to
its needs, as with existing packet traps.

In a similar fashion to exception traps, the action associated with such
traps cannot be changed as it can easily break the control plane. Unlike
drop and exception traps, packets trapped via control traps are not
reported to the kernel's drop monitor as they are not indicative of any

Patch set overview:

Patches #1-#3 break out layer 3 exceptions to a different group to
provide better granularity. A future patch set will make this completely

Patch #4 adds a new trap action ('mirror') that is used for packets that
are forwarded by the device and sent to the CPU. Such packets are marked
by device drivers with 'skb->offload_fwd_mark = 1' in order to prevent
the kernel from forwarding them again.

Patch #5 adds the new trap type, 'control'.

Patches #6-#8 gradually add various control traps to devlink with proper

Patch #9 adds a few control traps to netdevsim, which are automatically
exercised by existing devlink-trap selftest.

Patches #10 performs small refactoring in mlxsw.

Patches #11-#13 change mlxsw to register its existing control traps with

Patch #14 adds a selftest over mlxsw that exercises all the registered
control traps.

Ido Schimmel (14):
  devlink: Create dedicated trap group for layer 3 exceptions
  mlxsw: spectrum_trap: Move layer 3 exceptions to exceptions trap group
  netdevsim: Move layer 3 exceptions to exceptions trap group
  devlink: Add 'mirror' trap action
  devlink: Add 'control' trap type
  devlink: Add layer 2 control packet traps
  devlink: Add layer 3 control packet traps
  devlink: Add ACL control packet traps
  netdevsim: Register control traps
  mlxsw: spectrum_trap: Factor out common Rx listener function
  mlxsw: spectrum_trap: Register layer 2 control traps
  mlxsw: spectrum_trap: Register layer 3 control traps
  mlxsw: spectrum_trap: Register ACL control traps
  selftests: mlxsw: Add test for control packets

 .../networking/devlink/devlink-trap.rst       | 219 +++++-
 drivers/net/ethernet/mellanox/mlxsw/reg.h     |   2 +-
 .../net/ethernet/mellanox/mlxsw/spectrum.c    | 149 +---
 .../net/ethernet/mellanox/mlxsw/spectrum.h    |   4 +
 .../ethernet/mellanox/mlxsw/spectrum_trap.c   | 583 ++++++++++++++-
 drivers/net/netdevsim/dev.c                   |  10 +-
 include/net/devlink.h                         | 189 +++++
 include/uapi/linux/devlink.h                  |   9 +
 net/core/devlink.c                            |  73 +-
 .../drivers/net/mlxsw/ | 688 ++++++++++++++++++
 .../selftests/net/forwarding/   |  23 +
 11 files changed, 1781 insertions(+), 168 deletions(-)
 create mode 100755 tools/testing/selftests/drivers/net/mlxsw/


Powered by blists - more mailing lists