Date:   Thu, 16 Jul 2020 06:49:09 +0000
From:   Xiaoliang Yang <xiaoliang.yang_1@....com>
To:     "Allan W. Nielsen" <allan.nielsen@...rochip.com>,
        Vladimir Oltean <olteanv@...il.com>
CC:     Po Liu <po.liu@....com>, Claudiu Manoil <claudiu.manoil@....com>,
        Alexandru Marginean <alexandru.marginean@....com>,
        Vladimir Oltean <vladimir.oltean@....com>,
        Leo Li <leoyang.li@....com>, Mingkai Hu <mingkai.hu@....com>,
        Andrew Lunn <andrew@...n.ch>,
        Florian Fainelli <f.fainelli@...il.com>,
        Vivien Didelot <vivien.didelot@...il.com>,
        "David S. Miller" <davem@...emloft.net>,
        Jiri Pirko <jiri@...nulli.us>,
        Ido Schimmel <idosch@...sch.org>,
        Jakub Kicinski <kuba@...nel.org>,
        Vinicius Costa Gomes <vinicius.gomes@...el.com>,
        Nikolay Aleksandrov <nikolay@...ulusnetworks.com>,
        Roopa Prabhu <roopa@...ulusnetworks.com>,
        netdev <netdev@...r.kernel.org>,
        lkml <linux-kernel@...r.kernel.org>,
        Horatiu Vultur <horatiu.vultur@...rochip.com>,
        Alexandre Belloni <alexandre.belloni@...tlin.com>,
        Joergen Andreasen <joergen.andreasen@...rochip.com>,
        Microchip Linux Driver Support <UNGLinuxDriver@...rochip.com>,
        "linux-devel@...ux.nxdi.nxp.com" <linux-devel@...ux.nxdi.nxp.com>
Subject: RE: [EXT] Re: [PATCH v2 net-next 03/10] net: mscc: ocelot: allocated
 rules to different hardware VCAP TCAMs by chain index

Hi Allan,

On 11.06.2002 2:18, Allan W. Nielsen <allan.nielsen@...rochip.com> wrote:
>> >> Here is my initial suggestion for an alternative chain-schema:
>> >>
>> >> Chain 0:           The default chain - today this is in IS2. If we proceed
>> >>                     with this as is - then this will change.
>> >> Chain 1-9999:      These are offloaded by "basic" classification.
>> >> Chain 10000-19999: These are offloaded in IS1
>> >>                     Chain 10000: Lookup-0 in IS1, and here we could limit the
>> >>                                  action to do QoS related stuff (priority
>> >>                                  update)
>> >>                     Chain 11000: Lookup-1 in IS1, here we could do VLAN
>> >>                                  stuff
>> >>                     Chain 12000: Lookup-2 in IS1, here we could apply the
>> >>                                  "PAG" which is essentially a GOTO.
>> >>
>> >> Chain 20000-29999: These are offloaded in IS2
>> >>                     Chain 20000-20255: Lookup-0 in IS2, where CHAIN-ID -
>> >>                                        20000 is the PAG value.
>> >>                     Chain 21000-21000: Lookup-1 in IS2.
>> >>
>> >> All these chains should be optional - users should only need to 
>> >> configure the chains they need. To make this work, we need to 
>> >> configure both the desired actions (could be priority update) and the goto action.
>> >> Remember in HW, all packets go through this process, while in SW
>> >> they only follow the "goto" path.
>> >>

I agree with this chain assignment. The following is an example of setting rules:

1. Set a matchall rule for each chain; the last chain does not need a goto chain action.
# tc filter add dev swp0 chain 0 flower skip_sw action goto chain 10000
# tc filter add dev swp0 chain 10000 flower skip_sw action goto chain 21000
In the driver, use these rules to register the chain.

2. Set normal rules.
# tc filter add dev swp0 chain 10000 protocol 802.1Q parent ffff: flower skip_sw vlan_id 1 vlan_prio 1 action skbedit priority 1 action goto chain 21000
# tc filter add dev swp0 chain 21000 protocol 802.1Q parent ffff: flower skip_sw vlan_id 1 vlan_prio 1 action drop

In the driver, we check whether the chain ID has been registered and whether the goto chain is the same as in the first matchall rule; if it is not, then we return an error. Each rule needs to have a goto action, except in the last chain.

I have also checked the chain template; it cannot set an action template for each chain, so I think it's of no use for our case. If this way of setting rules is OK, I will update the patch to do this.

Thanks,
Xiaoliang Yang
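
The chain schema and the two driver-side checks discussed in this thread, as an added C sketch that is not part of the original mail or of the ocelot driver. All type and function names are hypothetical; it assumes that only the chain IDs listed in the schema are valid inside the IS1/IS2 ranges and that a chain seen only as a goto target is the last chain.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
/* Hypothetical names for this sketch; none come from the ocelot driver. */
enum blk { BLK_DEFAULT, BLK_BASIC, BLK_IS1, BLK_IS2, BLK_INVALID };
struct chain_loc { enum blk block; int lookup; int pag; }; /* -1 = n/a */
struct chain_reg { uint32_t chain, next; };
static struct chain_reg regs[16];
static int nregs;

/* Schema from the quoted mail; assumption: in IS1/IS2 only listed IDs are valid. */
struct chain_loc chain_to_loc(uint32_t chain)
{
	struct chain_loc loc = { BLK_INVALID, -1, -1 };
	if (chain == 0)
		loc.block = BLK_DEFAULT;
	else if (chain <= 9999)
		loc.block = BLK_BASIC;
	else if (chain == 10000 || chain == 11000 || chain == 12000)
		loc = (struct chain_loc){ BLK_IS1, (int)(chain - 10000) / 1000, -1 };
	else if (chain >= 20000 && chain <= 20255)
		loc = (struct chain_loc){ BLK_IS2, 0, (int)(chain - 20000) };
	else if (chain == 21000)
		loc = (struct chain_loc){ BLK_IS2, 1, -1 };
	return loc;
}
/* Step 1: the per-chain matchall rule records that chain's goto target. */
int register_goto(uint32_t chain, uint32_t next)
{
	if (chain_to_loc(chain).block == BLK_INVALID ||
	    chain_to_loc(next).block == BLK_INVALID)
		return -EINVAL;
	if (nregs == 16)
		return -ENOSPC;
	regs[nregs++] = (struct chain_reg){ chain, next };
	return 0;
}
/* Step 2: a rule must repeat its chain's goto; a target-only chain is last (assumed). */
int check_rule(uint32_t chain, bool has_goto, uint32_t goto_chain)
{
	bool is_target = false;
	for (int i = 0; i < nregs; i++) {
		if (regs[i].chain == chain)
			return (has_goto && goto_chain == regs[i].next) ? 0 : -EINVAL;
		if (regs[i].next == chain)
			is_target = true;
	}
	if (!is_target)
		return -ENOENT; /* chain was never registered */
	return has_goto ? -EINVAL : 0;
}
```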
