| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 11 Feb 2022 08:52:20 +0100
From: Petr Machata <petrm@...dia.com>
To: Vladimir Oltean <olteanv@...il.com>
CC: Andrew Lunn <andrew@...n.ch>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>, <netdev@...r.kernel.org>,
Ido Schimmel <idosch@...dia.com>,
Petr Machata <petrm@...dia.com>,
Alexander Duyck <alexander.duyck@...il.com>,
Jamal Hadi Salim <jhs@...atatu.com>,
Cong Wang <xiyou.wangcong@...il.com>,
Jiri Pirko <jiri@...dia.com>, <f.fainelli@...il.com>,
<vivien.didelot@...il.com>
Subject: Re: [RFC PATCH net-next 1/2] net: dsa: allow setting port-based QoS
priority using tc matchall skbedit
Vladimir Oltean <olteanv@...il.com> writes:
> Hi Andrew,
>
> On Thu, 14 Jan 2021 at 03:03, Andrew Lunn <andrew@...n.ch> wrote:
>> On Thu, Jan 14, 2021 at 02:17:59AM +0200, Vladimir Oltean wrote:
>> > On Thu, Jan 14, 2021 at 12:41:28AM +0100, Andrew Lunn wrote:
>> > > On Wed, Jan 13, 2021 at 05:41:38PM +0200, Vladimir Oltean wrote:
>> > > > + int (*port_priority_set)(struct dsa_switch *ds, int port,
>> > > > + struct dsa_mall_skbedit_tc_entry *skbedit);
>> > >
>> > > The fact we can turn this on/off suggests there should be a way to
>> > > disable this in the hardware, when the matchall is removed. I don't
>> > > see any such remove support in this patch.
>> >
>> > I don't understand this comment, sorry. When the matchall filter
>> > containing the skbedit action gets removed, DSA calls the driver's
>> > .port_priority_set callback again, this time with a priority of 0.
>> > There's nothing to "remove" about a port priority. I made an assumption
>> > (which I still consider perfectly reasonable) that no port-based
>> > prioritization means that all traffic gets classified to traffic class 0.
>>
>> That does not work for mv88e6xxx. Its default setup, if i remember
>> correctly, is it looks at the TOS bits to determine priority
>> classes. So in its default state, it is using all the available
>> traffic classes. It can also be configured to look at the VLAN
>> priority, or the TCAM can set the priority class, or there is a per
>> port default priority, which is what you are describing here. There
>> are bits to select which of these happen on ingress, on a per port
>> basis.
>>
>> So setting the port priority to 0 means setting the priority of
>> zero. It does not mean go back to the default prioritisation scheme.
>>
>> I guess any switch which has a range of options for prioritisation
>> selection will have a similar problem. It defaults to something,
>> probably something a bit smarter than everything goes to traffic class
>> 0.
>>
>> Andrew
>
> I was going through my old patches, and re-reading this conversation,
> it appears one of us is misunderstanding something.
>
> I looked at some Marvell datasheet and it has a similar QoS
> classification pipeline to Vitesse switches. There is a port-based
> default priority which can be overridden by IP DSCP, VLAN PCP, or
> advanced QoS classification (TCAM).
>
> The proposal I had was to configure the default port priority using tc
> matchall skbedit priority. Advanced QoS classification would then be
> expressed as tc-flower filters with a higher precedence than the
> matchall (basically the "catchall"). PCP and DSCP, I don't know if
> that can be expressed cleanly using tc. I think there's something in
> the dcb ops, but I haven't studied that too deeply.
In 802.1Q-2014, port-default priority is handled as APP entries matching
on EtherType of 0. (See Table D-9.) Those are "default priority. For use
when priority is not otherwise specified".
So DCB ops just handle these as APP entries. Dunno what DSA does. In
mlxsw, we call dcb_ieee_getapp_default_prio_mask() when the DCP set_app
hook fires to find the relevant entries and get the priority bitmask.
Now I don't understand DSA at all, but given a chip with fancy defaults,
for the DCB interface in particular, it would make sense to me to have
two ops. As long as there are default-prio entries, a "set default
priority" op would get invoked with the highest configured default
priority. When the last entry disappears, an "unset" op would be called.
Not sure what DSA does with ACLs, but it's not clear to me how TC-based
prioritization rules coexist with full blown ACLs. I suppose the prio
stuff could live on chain 0 and all actions would be skbedit prio pipe
goto chain 1 or something. And goto chain 0 is forbidden, because chain
0 is special. Or maybe the prioritization stuff lives on a root qdisc
(but no, we need it for ingress packets...) One way or another it looks
hairy to dissect and offload accurately IMHO.
Powered by blists - more mailing lists