| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Dec 2021 15:21:38 +0100
From: Simon Horman <simon.horman@...igine.com>
To: David Miller <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>
Cc: Alexandre Belloni <alexandre.belloni@...tlin.com>,
Andrew Lunn <andrew@...n.ch>,
Claudiu Manoil <claudiu.manoil@....com>,
Cong Wang <xiyou.wangcong@...il.com>,
Florian Fainelli <f.fainelli@...il.com>,
Ido Schimmel <idosch@...dia.com>,
Jamal Hadi Salim <jhs@...atatu.com>,
Jiri Pirko <jiri@...nulli.us>,
Leon Romanovsky <leon@...nel.org>,
Michael Chan <michael.chan@...adcom.com>,
Oz Shlomo <ozsh@...dia.com>, Petr Machata <petrm@...dia.com>,
Roi Dayan <roid@...dia.com>,
Saeed Mahameed <saeedm@...dia.com>,
Vivien Didelot <vivien.didelot@...il.com>,
Vlad Buslov <vladbu@...dia.com>,
Vladimir Oltean <vladimir.oltean@....com>,
Baowen Zheng <baowen.zheng@...igine.com>,
Louis Peens <louis.peens@...igine.com>,
UNGLinuxDriver@...rochip.com, linux-kernel@...r.kernel.org,
linux-rdma@...r.kernel.org, netdev@...r.kernel.org,
oss-drivers@...igine.com, Simon Horman <simon.horman@...igine.com>
Subject: [PATCH v7 net-next 00/12] allow user to offload tc action to net device
Baowen Zheng says:
Allow use of flow_indr_dev_register/flow_indr_dev_setup_offload to offload
tc actions independent of flows.
The motivation for this work is to prepare for using TC police action
instances to provide hardware offload of OVS metering feature - which calls
for policers that may be used by multiple flows and whose lifecycle is
independent of any flows that use them.
This patch includes basic changes to offload drivers to return EOPNOTSUPP
if this feature is used - it is not yet supported by any driver.
Tc cli command to offload and quote an action:
# tc qdisc del dev $DEV ingress && sleep 1 || true
# tc actions delete action police index 200 || true
# tc qdisc add dev $DEV ingress
# tc qdisc show dev $DEV ingress
# tc actions add action police rate 100mbit burst 10000k index 200 skip_sw
# tc -s -d actions list action police
total acts 1
action order 0: police 0xc8 rate 100Mbit burst 10000Kb mtu 2Kb action reclassify
overhead 0b linklayer ethernet
ref 1 bind 0 installed 142 sec used 0 sec
Action statistics:
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
skip_sw in_hw in_hw_count 1
used_hw_stats delayed
# tc filter add dev $DEV protocol ip parent ffff: \
flower skip_sw ip_proto tcp action police index 200
# tc -s -d filter show dev $DEV protocol ip parent ffff:
filter pref 49152 flower chain 0
filter pref 49152 flower chain 0 handle 0x1
eth_type ipv4
ip_proto tcp
skip_sw
in_hw in_hw_count 1
action order 1: police 0xc8 rate 100Mbit burst 10000Kb mtu 2Kb action
reclassify overhead 0b linklayer ethernet
ref 2 bind 1 installed 300 sec used 0 sec
Action statistics:
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
skip_sw in_hw in_hw_count 1
used_hw_stats delayed
# tc filter add dev $DEV protocol ipv6 parent ffff: \
flower skip_sw ip_proto tcp action police index 200
# tc -s -d filter show dev $DEV protocol ipv6 parent ffff:
filter pref 49151 flower chain 0
filter pref 49151 flower chain 0 handle 0x1
eth_type ipv6
ip_proto tcp
skip_sw
in_hw in_hw_count 1
action order 1: police 0xc8 rate 100Mbit burst 10000Kb mtu 2Kb action
reclassify overhead 0b linklayer ethernet
ref 3 bind 2 installed 761 sec used 0 sec
Action statistics:
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
skip_sw in_hw in_hw_count 1
used_hw_stats delayed
# tc -s -d actions list action police
total acts 1
action order 0: police 0xc8 rate 100Mbit burst 10000Kb mtu 2Kb action reclassify overhead 0b linklayer ethernet
ref 3 bind 2 installed 917 sec used 0 sec
Action statistics:
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
skip_sw in_hw in_hw_count 1
used_hw_stats delayed
Changes between v6 and v7:
* Add a single patch to rename offload functions with offload for readability.
* Post 166b6a46b78b ("flow_offload: return EOPNOTSUPP for the unsupported mpls action type") as a bug fix to netdev.
* Rename the new added action offload setup ops with offload instead of flow
* Rename the new added action offload function with offload instead of flow.
* Add a single patch to rename exts stats update function for readability.
* Add more selftest cases for validate filter and actions.
* Fix the kernel test robot issue reported by Oliver Sang.
Changes between v5 and v6:
* Fix issue reported by Dan Carpenter found using Smatch.
Changes beteeen v4 and v5:
* Made changes of code style according to the public review comments.
* Add a fix for unsupported mpls action type in flow action setup stage.
* Add ops to tc_action_ops for flow action setup to facilitate
adding a standalone action module.
* Add notification process when deleting action in reoffload process.
Changes between v3 and v4:
* Made changes according to the public review comments.
* Validate flags inside tcf_action_init() instead of creating new
tcf_exts_validate_actions() function.
* Exactly match when validating flags of actions and filters.
* Add index to flow_action_entry for driver to identify actions.
Changes between v2 and v3:
* Made changes according to the review comments.
* Delete in_hw and not_in_hw flag and user can judge if the action is
offloaded to any hardware by in_hw_count.
* Split the main patch of the action offload to three single patch to
facilitate code review.
Changes between v1 and v2:
* Add the skip_hw/skip_sw for user to specify if the action should be in
hardware or software.
* Fix issue of sleeping function called from invalid context.
* Change the action offload/delete from batch to one by one.
* Add some parameters to the netlink message for user space to look up
the offload status of the actions.
* Add reoffload process to update action hw_count when driver is inserted
or removed.
Changes between v1 and RFC:
* Fix robot test failure.
* Change actions offload process in action add function rather than action
init.
* Change actions offload delete process after tcf_del_notify to keep
undeleted actions.
* Add process to update actions stats from hardware.
Baowen Zheng (12):
flow_offload: fill flags to action structure
flow_offload: reject to offload tc actions in offload drivers
flow_offload: add index to flow_action_entry structure
flow_offload: rename offload functions with offload instead of flow
flow_offload: add ops to tc_action_ops for flow action setup
flow_offload: allow user to offload tc action to net device
flow_offload: add skip_hw and skip_sw to control if offload the action
flow_offload: add process to update action stats from hardware
net: sched: save full flags for tc action
flow_offload: add reoffload process to update hw_count
flow_offload: validate flags of filter and actions
selftests: tc-testing: add action offload selftest for action and
filter
drivers/net/dsa/ocelot/felix_vsc9959.c | 4 +-
drivers/net/dsa/sja1105/sja1105_flower.c | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 2 +-
.../net/ethernet/freescale/enetc/enetc_qos.c | 6 +-
.../ethernet/mellanox/mlx5/core/en/rep/tc.c | 3 +
.../ethernet/mellanox/mlxsw/spectrum_flower.c | 2 +-
drivers/net/ethernet/mscc/ocelot_flower.c | 2 +-
.../ethernet/netronome/nfp/flower/offload.c | 3 +
include/linux/netdevice.h | 1 +
include/net/act_api.h | 27 +-
include/net/flow_offload.h | 20 +-
include/net/pkt_cls.h | 32 +-
include/net/tc_act/tc_gate.h | 5 -
include/uapi/linux/pkt_cls.h | 9 +-
net/core/flow_offload.c | 46 +-
net/sched/act_api.c | 452 +++++++++++++++++-
net/sched/act_bpf.c | 2 +-
net/sched/act_connmark.c | 2 +-
net/sched/act_csum.c | 19 +
net/sched/act_ct.c | 21 +
net/sched/act_ctinfo.c | 2 +-
net/sched/act_gact.c | 38 ++
net/sched/act_gate.c | 51 +-
net/sched/act_ife.c | 2 +-
net/sched/act_ipt.c | 2 +-
net/sched/act_mirred.c | 50 ++
net/sched/act_mpls.c | 54 ++-
net/sched/act_nat.c | 2 +-
net/sched/act_pedit.c | 36 +-
net/sched/act_police.c | 27 +-
net/sched/act_sample.c | 32 +-
net/sched/act_simple.c | 2 +-
net/sched/act_skbedit.c | 38 +-
net/sched/act_skbmod.c | 2 +-
net/sched/act_tunnel_key.c | 54 +++
net/sched/act_vlan.c | 48 ++
net/sched/cls_api.c | 272 ++---------
net/sched/cls_flower.c | 17 +-
net/sched/cls_matchall.c | 17 +-
net/sched/cls_u32.c | 12 +-
.../tc-testing/tc-tests/actions/police.json | 24 +
.../tc-testing/tc-tests/filters/matchall.json | 72 +++
42 files changed, 1208 insertions(+), 306 deletions(-)
--
2.20.1
Powered by blists - more mailing lists