Message-Id: <20200711212848.20914-1-lariel@mellanox.com>
Date:   Sun, 12 Jul 2020 00:28:44 +0300
From:   Ariel Levkovich <lariel@...lanox.com>
To:     netdev@...r.kernel.org
Cc:     jiri@...nulli.us, kuba@...nel.org, jhs@...atatu.com,
        xiyou.wangcong@...il.com, ast@...nel.org, daniel@...earbox.net,
        Ariel Levkovich <lariel@...lanox.com>
Subject: [PATCH net-next v3 0/4] ] TC datapath hash api

Supporting datapath hash allows user to set up rules that provide
load balancing of traffic across multiple vports and for ECMP path
selection while keeping the number of rules at a minimum.

Instead of matching on exact flow spec, which requires a rule per
flow, user can define rules based on hashing on the packet headers
and distribute the flows to different buckets. The number of rules
in this case will be constant and equal to the number of buckets.

The datapath hash functionality is achieved in two steps -
performing the hash action and then matching on the result, as
part of the packet's classification.

To compute the hash value, the api offers 2 methods:
1. Linux implementation of an asymmetric hash algorithm
which is performed on the L4 headers of the packet.
This method is usable via an extension to act_skbedit and
allows user to provide a basis value to be included in
the computation.

2. User provided bpf program that implements
a hash computation algorithm. This option is usable
via a new type of tc action - action_hash.

Through both methods, the hash value is calculated
and stored in the skb->hash field so it can be matched
later as a key in the cls flower classifier.
where the hash function can be standard asymmetric hashing that Linux
offers or alternatively user can provide a bpf program that
performs hash calculation on a packet.

Usage is as follows:

For hash calculation:
$ tc filter add dev ens1f0_0 ingress \
prio 1 chain 0 proto ip \
flower ip_proto tcp \
action hash object-file <file> section <hash_section> \
action goto chain 2

Or:

$ tc filter add dev ens1f0_0 ingress \
prio 1 chain 0 proto ip \
flower ip_proto udp \
action skbedit hash asym_l4 basis <basis> \
action goto chain 2

Matching on hash result:

$ tc filter add dev ens1f0_0 ingress \
prio 1 chain 2 proto ip \
flower hash 0x0/0xf  \
action mirred egress redirect dev ens1f0_1

$ tc filter add dev ens1f0_0 ingress \
prio 1 chain 2 proto ip \
flower hash 0x1/0xf  \
action mirred egress redirect dev ens1f0_2


v2 -> v3:
 *Split hash algorithm option into 2 different actions.
  Asym_l4 available via act_skbedit and bpf via new act_hash.

Ariel Levkovich (4):
  net/sched: Add skb->hash field editing via act_skbedit
  net/sched: Introduce action hash
  net/flow_dissector: add packet hash dissection
  net/sched: cls_flower: Add hash info to flow classification

 include/linux/skbuff.h                 |   4 +
 include/net/act_api.h                  |   2 +
 include/net/flow_dissector.h           |   9 +
 include/net/tc_act/tc_hash.h           |  20 ++
 include/net/tc_act/tc_skbedit.h        |   2 +
 include/uapi/linux/pkt_cls.h           |   4 +
 include/uapi/linux/tc_act/tc_hash.h    |  25 ++
 include/uapi/linux/tc_act/tc_skbedit.h |   7 +
 net/core/flow_dissector.c              |  17 ++
 net/sched/Kconfig                      |  11 +
 net/sched/Makefile                     |   1 +
 net/sched/act_hash.c                   | 348 +++++++++++++++++++++++++
 net/sched/act_skbedit.c                |  38 +++
 net/sched/cls_api.c                    |   1 +
 net/sched/cls_flower.c                 |  16 ++
 15 files changed, 505 insertions(+)
 create mode 100644 include/net/tc_act/tc_hash.h
 create mode 100644 include/uapi/linux/tc_act/tc_hash.h
 create mode 100644 net/sched/act_hash.c

-- 
2.25.2
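
The following is an added example, not code from this patch series: a small model of the chain 2 rules above, assuming the usual flower value/mask comparison for `hash 0x0/0xf`. The `flow_hash` function is a stand-in (not the kernel's asym_l4 algorithm) and the flows are constructed; it shows that the two example rules cover only 2 of the 16 buckets selected by mask 0xf.

```python
import hashlib
import struct
from collections import Counter

# Rules from the cover letter's chain 2: (value, mask, egress device).
RULES = [
    (0x0, 0xF, "ens1f0_1"),
    (0x1, 0xF, "ens1f0_2"),
]

def flow_hash(src_ip, dst_ip, src_port, dst_port, proto, basis=0):
    """Stand-in 32-bit flow hash (assumption: NOT the kernel's asym_l4)."""
    data = struct.pack("!IIIHHB", basis, src_ip, dst_ip,
                       src_port, dst_port, proto)
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def classify(h, rules=RULES):
    """Device of the first rule with (h & mask) == (value & mask), else None."""
    for value, mask, dev in rules:
        if (h & mask) == (value & mask):
            return dev
    return None

def uncovered_buckets(rules, mask):
    """Bucket values under `mask` that no rule using that mask matches."""
    covered = {value & mask for value, m, _ in rules if m == mask}
    return [b for b in range(mask + 1)
            if (b & mask) == b and b not in covered]

def distribute(n_flows, rules=RULES, basis=0):
    """Classify constructed TCP flows (varying source port), count per device."""
    counts = Counter()
    for i in range(n_flows):
        # Constructed sample flow: 10.0.0.1:(1024+i) -> 10.0.0.2:443, TCP.
        h = flow_hash(0x0A000001, 0x0A000002, 1024 + i, 443, 6, basis)
        counts[classify(h, rules)] += 1
    return counts

if __name__ == "__main__":
    print(distribute(4096))             # hits per device; None = no rule matched
    print(uncovered_buckets(RULES, 0xF))
```

Covering every flow with this mask takes one rule per bucket value (16 rules for 0xf), or a narrower mask such as 0x1 for two buckets.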
