lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 22 Jan 2021 08:36:01 +0000
From:   Oleksandr Mazur <oleksandr.mazur@...ision.eu>
To:     Jakub Kicinski <kuba@...nel.org>, Ido Schimmel <idosch@...sch.org>
CC:     "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "jiri@...dia.com" <jiri@...dia.com>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH net-next] net: core: devlink: add new trap action
 HARD_DROP

On Thu, 21 Jan 2021 14:21:52 +0200 Ido Schimmel wrote:
> On Thu, Jan 21, 2021 at 01:29:37PM +0200, Oleksandr Mazur wrote:
> > Add new trap action HARD_DROP, which can be used by the
> > drivers to register traps, where it's impossible to get
> > packet reported to the devlink subsystem by the device
> > driver, because it's impossible to retrieve dropped packet
> > from the device itself.
> > In order to use this action, driver must also register
> > additional devlink operation - callback that is used
> > to retrieve number of packets that have been dropped by
> > the device.  
> 
> Are these global statistics about number of packets the hardware dropped
> for a specific reason or are these per-port statistics?
> 
> It's a creative use of devlink-trap interface, but I think it makes
> sense. Better to re-use an existing interface than creating yet another
> one.

> Not sure if I agree, if we can't trap why is it a trap?
> It's just a counter.

It's just another ACTION for trap item. Action however can be switched, e.g. from HARD_DROP to MIRROR.

The thing is to be able to configure specific trap to be dropped, and provide a way for the device to report back how many packets have been dropped.
If device is able to report the packet itself, then devlink would be in charge of counting. If not, there should be a way to retrieve these statistics from the devlink.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ