lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Wed, 10 Nov 2021 10:43:20 +0000
From:   Xiaoliang Yang <xiaoliang.yang_1@....com>
To:     Vladimir Oltean <vladimir.oltean@....com>
CC:     "davem@...emloft.net" <davem@...emloft.net>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "allan.nielsen@...rochip.com" <allan.nielsen@...rochip.com>,
        "joergen.andreasen@...rochip.com" <joergen.andreasen@...rochip.com>,
        "UNGLinuxDriver@...rochip.com" <UNGLinuxDriver@...rochip.com>,
        "vinicius.gomes@...el.com" <vinicius.gomes@...el.com>,
        "michael.chan@...adcom.com" <michael.chan@...adcom.com>,
        "vishal@...lsio.com" <vishal@...lsio.com>,
        "saeedm@...lanox.com" <saeedm@...lanox.com>,
        "jiri@...lanox.com" <jiri@...lanox.com>,
        "idosch@...lanox.com" <idosch@...lanox.com>,
        "alexandre.belloni@...tlin.com" <alexandre.belloni@...tlin.com>,
        "kuba@...nel.org" <kuba@...nel.org>, Po Liu <po.liu@....com>,
        Leo Li <leoyang.li@....com>,
        "f.fainelli@...il.com" <f.fainelli@...il.com>,
        "andrew@...n.ch" <andrew@...n.ch>,
        "vivien.didelot@...il.com" <vivien.didelot@...il.com>,
        Claudiu Manoil <claudiu.manoil@....com>,
        "linux-mediatek@...ts.infradead.org" 
        <linux-mediatek@...ts.infradead.org>,
        "linux-arm-kernel@...ts.infradead.org" 
        <linux-arm-kernel@...ts.infradead.org>,
        "matthias.bgg@...il.com" <matthias.bgg@...il.com>,
        "horatiu.vultur@...rochip.com" <horatiu.vultur@...rochip.com>
Subject: RE: [PATCH v6 net-next 5/8] net: dsa: felix: support psfp filter on
 vsc9959

Hi Vladimir,

> -----Original Message-----
> From: Vladimir Oltean <vladimir.oltean@....com>
> Sent: 2021年10月6日 21:13
> To: Xiaoliang Yang <xiaoliang.yang_1@....com>
> Cc: davem@...emloft.net; linux-kernel@...r.kernel.org;
> netdev@...r.kernel.org; allan.nielsen@...rochip.com;
> joergen.andreasen@...rochip.com; UNGLinuxDriver@...rochip.com;
> vinicius.gomes@...el.com; michael.chan@...adcom.com;
> vishal@...lsio.com; saeedm@...lanox.com; jiri@...lanox.com;
> idosch@...lanox.com; alexandre.belloni@...tlin.com; kuba@...nel.org; Po
> Liu <po.liu@....com>; Leo Li <leoyang.li@....com>; f.fainelli@...il.com;
> andrew@...n.ch; vivien.didelot@...il.com; Claudiu Manoil
> <claudiu.manoil@....com>; linux-mediatek@...ts.infradead.org;
> linux-arm-kernel@...ts.infradead.org; matthias.bgg@...il.com;
> horatiu.vultur@...rochip.com
> Subject: Re: [PATCH v6 net-next 5/8] net: dsa: felix: support psfp filter on
> vsc9959
> 
> On Thu, Oct 6, 2021 at 21:13:45 +0300, Vladimir Oltean wrote:
> > +static int vsc9959_psfp_filter_add(struct ocelot *ocelot,
> > +				   struct flow_cls_offload *f)
> > +{
> 
> Neither the vsc9959_psfp_filter_add nor vsc9959_psfp_filter_del
> implementations take an "int port" as argument. Therefore, when the SFID is
> programmed in the MAC table, it matches on any ingress port that is in the
> same bridging domain as the port pointed towards by the MAC table (and the
> MAC table selects the _destination_ port).
> 
> Otherwise said, in this setup:
> 
>                      br0
>                    /  |  \
>                   /   |   \
>                  /    |    \
>               swp0   swp1   swp2
> 
> bridge vlan add dev swp0 vid 100
> bridge vlan add dev swp1 vid 100
> bridge vlan add dev swp2 vid 100
> bridge fdb add dev swp2 00:01:02:03:04:05 vlan 100 static master tc filter add
> dev swp0 ingress chain 0 pref 49152 flower \
> 	skip_sw action goto chain 30000
> tc filter add dev swp0 ingress chain 30000 pref 1 \
> 	protocol 802.1Q flower skip_sw \
> 	dst_mac 00:01:02:03:04:05 vlan_id 100 \
> 	action gate base-time 0.000000000 \
> 	sched-entry OPEN  5000000 -1 -1 \
> 	sched-entry CLOSE 5000000 -1 -1
> 
> The "filter" above will match not only on swp0, but also on packets ingressed
> from swp1.
> 
> The hardware provides IGR_SRCPORT_MATCH_ENA and IGR_PORT_MASK bits
> in the Stream Filter RAM (ANA:ANA_TABLES:SFID_MASK). Maybe you could
> program a SFID to match only on the ports on which the user intended?
> 
Yes, you are right. I have tested that use IGR_SRCPORT_MATCH_ENA and IGR_PORT_MASK bits can let a SFID to
match only on the designated ports. But this only can match to two ports for each SFID, two ports use the sfid,
sfid+1 as SFID index. I can try to add it in driver, but it will limit user only to match one or two ports for a same
stream.

Thanks,
Xiaoliang

Powered by blists - more mailing lists