Message-ID: <20211006131301.tx42h4kcoacat2jm@skbuf>
Date:   Wed, 6 Oct 2021 13:13:02 +0000
From:   Vladimir Oltean <vladimir.oltean@....com>
To:     Xiaoliang Yang <xiaoliang.yang_1@....com>
CC:     "davem@...emloft.net" <davem@...emloft.net>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "allan.nielsen@...rochip.com" <allan.nielsen@...rochip.com>,
        "joergen.andreasen@...rochip.com" <joergen.andreasen@...rochip.com>,
        "UNGLinuxDriver@...rochip.com" <UNGLinuxDriver@...rochip.com>,
        "vinicius.gomes@...el.com" <vinicius.gomes@...el.com>,
        "michael.chan@...adcom.com" <michael.chan@...adcom.com>,
        "vishal@...lsio.com" <vishal@...lsio.com>,
        "saeedm@...lanox.com" <saeedm@...lanox.com>,
        "jiri@...lanox.com" <jiri@...lanox.com>,
        "idosch@...lanox.com" <idosch@...lanox.com>,
        "alexandre.belloni@...tlin.com" <alexandre.belloni@...tlin.com>,
        "kuba@...nel.org" <kuba@...nel.org>, Po Liu <po.liu@....com>,
        Leo Li <leoyang.li@....com>,
        "f.fainelli@...il.com" <f.fainelli@...il.com>,
        "andrew@...n.ch" <andrew@...n.ch>,
        "vivien.didelot@...il.com" <vivien.didelot@...il.com>,
        Claudiu Manoil <claudiu.manoil@....com>,
        "linux-mediatek@...ts.infradead.org" 
        <linux-mediatek@...ts.infradead.org>,
        "linux-arm-kernel@...ts.infradead.org" 
        <linux-arm-kernel@...ts.infradead.org>,
        "matthias.bgg@...il.com" <matthias.bgg@...il.com>,
        "horatiu.vultur@...rochip.com" <horatiu.vultur@...rochip.com>
Subject: Re: [PATCH v6 net-next 5/8] net: dsa: felix: support psfp filter on
 vsc9959

On Thu, Sep 30, 2021 at 03:59:45PM +0800, Xiaoliang Yang wrote:
> +static int vsc9959_psfp_filter_add(struct ocelot *ocelot,
> +				   struct flow_cls_offload *f)
> +{

Neither the vsc9959_psfp_filter_add nor vsc9959_psfp_filter_del
implementations take an "int port" as argument. Therefore, when the SFID
is programmed in the MAC table, it matches on any ingress port that is
in the same bridging domain as the port pointed towards by the MAC table
(and the MAC table selects the _destination_ port).

Otherwise said, in this setup:

                     br0
                   /  |  \
                  /   |   \
                 /    |    \
              swp0   swp1   swp2

bridge vlan add dev swp0 vid 100
bridge vlan add dev swp1 vid 100
bridge vlan add dev swp2 vid 100
bridge fdb add dev swp2 00:01:02:03:04:05 vlan 100 static master
tc filter add dev swp0 ingress chain 0 pref 49152 flower \
	skip_sw action goto chain 30000
tc filter add dev swp0 ingress chain 30000 pref 1 \
	protocol 802.1Q flower skip_sw \
	dst_mac 00:01:02:03:04:05 vlan_id 100 \
	action gate base-time 0.000000000 \
	sched-entry OPEN  5000000 -1 -1 \
	sched-entry CLOSE 5000000 -1 -1

The "filter" above will match not only on swp0, but also on packets
ingressed from swp1.

The hardware provides IGR_SRCPORT_MATCH_ENA and IGR_PORT_MASK bits in
the Stream Filter RAM (ANA:ANA_TABLES:SFID_MASK). Maybe you could
program a SFID to match only on the ports on which the user intended?

> +	struct netlink_ext_ack *extack = f->common.extack;
> +	struct felix_stream_filter sfi = {0};
> +	const struct flow_action_entry *a;
> +	struct felix_stream *stream_entry;
> +	struct felix_stream stream = {0};
> +	struct ocelot_psfp_list *psfp;
> +	int ret, i;
> +
> +	psfp = &ocelot->psfp;
> +
> +	ret = vsc9959_stream_identify(f, &stream);
> +	if (ret) {
> +		NL_SET_ERR_MSG_MOD(extack, "Only can match on VID, PCP, and dest MAC");
> +		return ret;
> +	}
> +
> +	flow_action_for_each(i, a, &f->rule->action) {
> +		switch (a->id) {
> +		case FLOW_ACTION_GATE:
> +		case FLOW_ACTION_POLICE:
> +		default:
> +			return -EOPNOTSUPP;
> +		}
> +	}
> +
> +	/* Check if stream is set. */
> +	stream_entry = vsc9959_stream_table_lookup(&psfp->stream_list, &stream);
> +	if (stream_entry) {
> +		NL_SET_ERR_MSG_MOD(extack, "This stream is already added");
> +		return -EEXIST;
> +	}
> +
> +	sfi.prio_valid = (stream.prio < 0 ? 0 : 1);
> +	sfi.prio = (sfi.prio_valid ? stream.prio : 0);
> +	sfi.enable = 1;
> +
> +	ret = vsc9959_psfp_sfi_table_add(ocelot, &sfi);
> +	if (ret)
> +		return ret;
> +
> +	stream.sfid = sfi.index;
> +	stream.sfid_valid = 1;
> +	ret = vsc9959_stream_table_add(ocelot, &psfp->stream_list,
> +				       &stream, extack);
> +	if (ret)
> +		vsc9959_psfp_sfi_table_del(ocelot, stream.sfid);
> +
> +	return ret;
> +}
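
Review bot: In the flow_action_for_each() loop, FLOW_ACTION_GATE and FLOW_ACTION_POLICE both fall through to default and return -EOPNOTSUPP, so as posted any rule that carries an action is rejected before the stream lookup and the vsc9959_psfp_sfi_table_add()/vsc9959_stream_table_add() calls below are reached. If the handlers for these two cases arrive in a later patch of the series, a comment here should say so; otherwise the cases need bodies. That return also sets no extack message, unlike the error paths just before and after it, so an NL_SET_ERR_MSG_MOD(extack, ...) naming the unsupported action would help the user. The existing string "Only can match on VID, PCP, and dest MAC" would read better as "Can only match on VID, PCP and destination MAC".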
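
The scoping problem described in the review above, as an added example that is not part of the original message or of the felix/ocelot driver: a simplified C model in which the MAC table maps (DMAC, VID) to an SFID, and the SFID either applies to every ingress port or is limited by a port mask. The struct layout, the function names and the exact semantics given to the enable bit and port mask are assumptions made for illustration, not the hardware register definition.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model; NOT the real vsc9959 register layout (assumption). */
enum { SWP0, SWP1, SWP2 };

struct mac_entry {              /* MAC table: (DMAC, VID) -> dest port + SFID */
	uint8_t  dmac[6];
	uint16_t vid;
	int      dest_port;     /* the table selects the destination port */
	int      sfid;
};

struct sfid_cfg {               /* models the two controls named in the review */
	bool    igr_srcport_match_ena;
	uint8_t igr_port_mask;  /* bit n set = ingress port n is in scope */
};

/* Constructed sample entry, mirroring the "bridge fdb add dev swp2" line. */
static const struct mac_entry fdb = {
	{0x00, 0x01, 0x02, 0x03, 0x04, 0x05}, 100, SWP2, 1
};

/* Returns the SFID applied to a frame, or -1 when no stream filter applies. */
int classify(const struct mac_entry *e, const struct sfid_cfg *cfg,
	     int igr_port, const uint8_t dmac[6], uint16_t vid)
{
	if (memcmp(e->dmac, dmac, 6) != 0 || e->vid != vid)
		return -1;
	/* Without the source-port check, the ingress port is never consulted. */
	if (cfg->igr_srcport_match_ena &&
	    !(cfg->igr_port_mask & (1u << igr_port)))
		return -1;
	return e->sfid;
}

/* scoped=false: behaviour as reviewed; scoped=true: SFID limited to swp0. */
int sfid_seen_from(int igr_port, bool scoped)
{
	struct sfid_cfg cfg = { scoped, scoped ? (uint8_t)(1u << SWP0) : 0 };

	return classify(&fdb, &cfg, igr_port, fdb.dmac, fdb.vid);
}

int main(void)
{
	for (int p = SWP0; p <= SWP1; p++)
		printf("swp%d: unscoped sfid=%d, scoped sfid=%d\n",
		       p, sfid_seen_from(p, false), sfid_seen_from(p, true));
	return 0;
}
```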
