Date:   Thu, 2 Dec 2021 13:03:23 -0500
From:   Jamal Hadi Salim <jhs@...atatu.com>
To:     Volodymyr Mytnyk <volodymyr.mytnyk@...ision.eu>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>
Cc:     Taras Chornyi <taras.chornyi@...ision.eu>,
        Mickey Rachamim <mickeyr@...vell.com>,
        Serhiy Pshyk <serhiy.pshyk@...ision.eu>,
        Volodymyr Mytnyk <vmytnyk@...vell.com>,
        Taras Chornyi <tchornyi@...vell.com>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH net-next] net: prestera: flower template support

On 2021-12-02 12:39, Volodymyr Mytnyk wrote:
> Hi Jamal,
> 
>>
>>> From: Volodymyr Mytnyk<vmytnyk@...vell.com>
>>>
>>> Add user template explicit support. At this moment, max TCAM rule size
>>> is utilized for all rules, doesn't matter which and how much flower
>>> matches are provided by user. It means that some of TCAM space is
>>> wasted, which impacts the number of filters that can be offloaded.
>>>
>>> Introducing the template, allows to have more HW offloaded filters.
>>>
>>> Example:
>>>     tc qd add dev PORT clsact
>>>     tc chain add dev PORT ingress protocol ip \
>>>       flower dst_ip 0.0.0.0/16
>>
>> "chain" or "filter"?
> 
> tc chain add ... flower [template] is the command to add explicitly chain with a given template
> 

I guess you are enforcing the template on chain 0. My brain
was expecting chain id to be called out.


> tc filter ... is the command to add a filter itself in that chain
> 

Got it.


>> You are not using tc priority? Above will result in two priorities (the 0.0.0.0 entry will be more important) and in classical flower approach two different tables.
>> I am wondering how you map the table to the TCAM.
>> Is the priority sorting entirely based on masks in hardware?
> 
> Kernel tc filter priority is used as a priority for HW rule (see flower implementation).

The TCAM however should be able to accept many masks - is the idea
here to enforce some mask per chain and then have priority being the
priorities handle conflict? What happens when you explicitly specify
priority? If you don't specify it the kernel provides it and essentially
resolution is based on the order in which the rules are entered.

cheers,
jamal


