| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 1 Oct 2021 13:32:32 +0200
From: Simon Horman <simon.horman@...igine.com>
To: netdev@...r.kernel.org
Cc: Jamal Hadi Salim <jhs@...atatu.com>, Roi Dayan <roid@...dia.com>,
Vlad Buslov <vladbu@...dia.com>,
Cong Wang <xiyou.wangcong@...il.com>,
Jiri Pirko <jiri@...lanox.com>,
Baowen Zheng <notifications@...hub.com>,
Louis Peens <louis.peens@...igine.com>,
oss-drivers@...igine.com, Simon Horman <simon.horman@...igine.com>
Subject: [RFC/PATCH net-next v2 0/5] allow user to offload tc action to net device
Baowen Zheng says:
Allow use of flow_indr_dev_register/flow_indr_dev_setup_offload to offload
tc actions independent of flows.
The motivation for this work is to prepare for using TC police action
instances to provide hardware offload of OVS metering feature - which calls
for policers that may be used by multiple flows and whose lifecycle is
independent of any flows that use them.
This patch includes basic changes to offload drivers to return EOPNOTSUPP
if this feature is used - it is not yet supported by any driver.
Tc cli command to offload and quote an action:
tc qdisc del dev $DEV ingress && sleep 1 || true
tc actions delete action police index 99 || true
tc qdisc add dev $DEV ingress
tc qdisc show dev $DEV ingress
tc actions add action police index 99 rate 1mbit burst 100k skip_sw
tc actions list action police
tc filter add dev $DEV protocol ip parent ffff:
flower ip_proto tcp action police index 99
tc -s -d filter show dev $DEV protocol ip parent ffff:
tc filter add dev $DEV protocol ipv6 parent ffff:
flower skip_sw ip_proto tcp action police index 99
tc -s -d filter show dev $DEV protocol ipv6 parent ffff:
tc actions list action police
tc qdisc del dev $DEV ingress && sleep 1
tc actions delete action police index 99
tc actions list action police
Changes compared to v1 patches:
* Add the skip_hw/skip_sw for user to specify if the action should be in
hardware or software.
* Fix issue of sleeping function called from invalid context.
* Change the action offload/delete from batch to one by one.
* Add some parameters to the netlink message for user space to look up
the offload status of the actions.
* Add reoffload process to update action hw_count when driver is inserted
or removed.
Posting this revision of the patchset as an RFC as while we feel it is
ready for review we would like an opportunity to conduct further testing
before acceptance into upstream.
Baowen Zheng (5):
flow_offload: fill flags to action structure
flow_offload: allow user to offload tc action to net device
flow_offload: add process to update action stats from hardware
flow_offload: add reoffload process to update hw_count
flow_offload: validate flags of filter and actions
drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 2 +-
.../ethernet/mellanox/mlx5/core/en/rep/tc.c | 3 +
.../ethernet/netronome/nfp/flower/offload.c | 3 +
include/linux/netdevice.h | 1 +
include/net/act_api.h | 18 +-
include/net/flow_offload.h | 27 +
include/net/pkt_cls.h | 90 +++-
include/uapi/linux/pkt_cls.h | 12 +-
net/core/flow_offload.c | 48 +-
net/sched/act_api.c | 471 +++++++++++++++++-
net/sched/act_bpf.c | 2 +-
net/sched/act_connmark.c | 2 +-
net/sched/act_ctinfo.c | 2 +-
net/sched/act_gate.c | 2 +-
net/sched/act_ife.c | 2 +-
net/sched/act_ipt.c | 2 +-
net/sched/act_mpls.c | 2 +-
net/sched/act_nat.c | 2 +-
net/sched/act_pedit.c | 2 +-
net/sched/act_police.c | 2 +-
net/sched/act_sample.c | 2 +-
net/sched/act_simple.c | 2 +-
net/sched/act_skbedit.c | 2 +-
net/sched/act_skbmod.c | 2 +-
net/sched/cls_api.c | 29 +-
net/sched/cls_flower.c | 5 +
net/sched/cls_matchall.c | 6 +
net/sched/cls_u32.c | 11 +
28 files changed, 709 insertions(+), 45 deletions(-)
--
2.20.1
Powered by blists - more mailing lists