| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Jun 2020 08:44:34 -0400
From: Jamal Hadi Salim <jhs@...atatu.com>
To: Po Liu <po.liu@....com>,
"davem@...emloft.net" <davem@...emloft.net>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"idosch@...sch.org" <idosch@...sch.org>
Cc: "jiri@...nulli.us" <jiri@...nulli.us>,
"vinicius.gomes@...el.com" <vinicius.gomes@...el.com>,
"vlad@...lov.dev" <vlad@...lov.dev>,
Claudiu Manoil <claudiu.manoil@....com>,
Vladimir Oltean <vladimir.oltean@....com>,
Alexandru Marginean <alexandru.marginean@....com>,
"michael.chan@...adcom.com" <michael.chan@...adcom.com>,
"vishal@...lsio.com" <vishal@...lsio.com>,
"saeedm@...lanox.com" <saeedm@...lanox.com>,
"leon@...nel.org" <leon@...nel.org>,
"jiri@...lanox.com" <jiri@...lanox.com>,
"idosch@...lanox.com" <idosch@...lanox.com>,
"alexandre.belloni@...tlin.com" <alexandre.belloni@...tlin.com>,
"UNGLinuxDriver@...rochip.com" <UNGLinuxDriver@...rochip.com>,
"kuba@...nel.org" <kuba@...nel.org>,
"xiyou.wangcong@...il.com" <xiyou.wangcong@...il.com>,
"simon.horman@...ronome.com" <simon.horman@...ronome.com>,
"pablo@...filter.org" <pablo@...filter.org>,
"moshe@...lanox.com" <moshe@...lanox.com>,
"m-karicheri2@...com" <m-karicheri2@...com>,
"andre.guedes@...ux.intel.com" <andre.guedes@...ux.intel.com>,
"stephen@...workplumber.org" <stephen@...workplumber.org>,
Edward Cree <ecree@...arflare.com>
Subject: Re: [v1,net-next 3/4] net: qos: police action add index for tc flower
offloading
On 2020-06-23 7:52 p.m., Po Liu wrote:
> Hi Jamal,
>
>
>>>> My question: Is this any different from how stats are structured?
>>>
[..]
>> My question: Why cant you apply the same semantics for the counters?
>> Does your hardware have an indexed counter/stats table? If yes then you
>
> Yes,
That is the point i was trying to get to. Basically:
You have a counter table which is referenced by "index"
You also have a meter/policer table which is referenced by "index".
For policers, they maintain their own stats. So when i say:
tc ... flower ... action police ... index 5
The index referred to is in the policer table
But for other actions, example when i say:
tc ... flower ... action drop index 10
The index is in the counter/stats table.
It is not exactly "10" in hardware, the driver magically hides
it from the user - so it could be hw counter index 1234
The old approach is to assume the classifier (flower in this
case) has a counter. The reason for this assumption is older
hardware was designed to deal with a single action per match.
So a counter to the filter is also the counter to the
(single) action. I get the feeling your hardware fits in that
space.
Modern use cases have evolved from the ACL single match and action
approach. Maintaining the old thought/architecture breaks in two
use cases:
1) when you have multiple actions per policy filter. You need
counter-per-action for various reasons
2) Sharing of counters across filters and action. This can
be achieve
tc supports the above and is sufficient to cover the old use
cases.
I am just worried, architecturally, we are restricting ourselves
to the old scheme.
Another reason this is important is for the sake of analytics.
A user space app can poll just for the stats table in hardware
(or the cached version in the kernel) and reduce the amount of
data crossing to user space..
cheers,
jamal
Powered by blists - more mailing lists