lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <DM5PR1301MB2172C0F6E86850B5646DAB84E7369@DM5PR1301MB2172.namprd13.prod.outlook.com>
Date:   Thu, 17 Feb 2022 10:25:57 +0000
From:   Baowen Zheng <baowen.zheng@...igine.com>
To:     Jianbo Liu <jianbol@...dia.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "linux-rdma@...r.kernel.org" <linux-rdma@...r.kernel.org>
CC:     "olteanv@...il.com" <olteanv@...il.com>,
        "andrew@...n.ch" <andrew@...n.ch>,
        "vivien.didelot@...il.com" <vivien.didelot@...il.com>,
        "f.fainelli@...il.com" <f.fainelli@...il.com>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "kuba@...nel.org" <kuba@...nel.org>,
        "rajur@...lsio.com" <rajur@...lsio.com>,
        "claudiu.manoil@....com" <claudiu.manoil@....com>,
        "sgoutham@...vell.com" <sgoutham@...vell.com>,
        "gakula@...vell.com" <gakula@...vell.com>,
        "sbhatta@...vell.com" <sbhatta@...vell.com>,
        "hkelam@...vell.com" <hkelam@...vell.com>,
        "saeedm@...dia.com" <saeedm@...dia.com>,
        "leon@...nel.org" <leon@...nel.org>,
        "idosch@...dia.com" <idosch@...dia.com>,
        "petrm@...dia.com" <petrm@...dia.com>,
        "alexandre.belloni@...tlin.com" <alexandre.belloni@...tlin.com>,
        "UNGLinuxDriver@...rochip.com" <UNGLinuxDriver@...rochip.com>,
        Simon Horman <simon.horman@...igine.com>,
        "jhs@...atatu.com" <jhs@...atatu.com>,
        "xiyou.wangcong@...il.com" <xiyou.wangcong@...il.com>,
        "jiri@...nulli.us" <jiri@...nulli.us>,
        "louis.peens@...ronome.com" <louis.peens@...ronome.com>,
        Nole Zhang <peng.zhang@...igine.com>,
        oss-drivers <oss-drivers@...igine.com>,
        "roid@...dia.com" <roid@...dia.com>
Subject: RE: [PATCH net-next v2 1/2] net: flow_offload: add tc police action
 parameters

On February 17, 2022 4:28 PM, Jianbo wrote:
>The current police offload action entry is missing exceed/notexceed actions
>and parameters that can be configured by tc police action.
>Add the missing parameters as a pre-step for offloading police actions to
>hardware.
>
>Signed-off-by: Jianbo Liu <jianbol@...dia.com>
>Signed-off-by: Roi Dayan <roid@...dia.com>
>Reviewed-by: Ido Schimmel <idosch@...dia.com>
>---
> include/net/flow_offload.h     | 13 ++++++++++
> include/net/tc_act/tc_police.h | 30 ++++++++++++++++++++++
> net/sched/act_police.c         | 46 ++++++++++++++++++++++++++++++++++
> 3 files changed, 89 insertions(+)
>
>diff --git a/include/net/flow_offload.h b/include/net/flow_offload.h index
>5b8c54eb7a6b..94cde6bbc8a5 100644
>--- a/include/net/flow_offload.h
>+++ b/include/net/flow_offload.h
>@@ -148,6 +148,8 @@ enum flow_action_id {
> 	FLOW_ACTION_MPLS_MANGLE,
> 	FLOW_ACTION_GATE,
> 	FLOW_ACTION_PPPOE_PUSH,
>+	FLOW_ACTION_JUMP,
>+	FLOW_ACTION_PIPE,
> 	NUM_FLOW_ACTIONS,
> };
>
>@@ -235,9 +237,20 @@ struct flow_action_entry {
> 		struct {				/* FLOW_ACTION_POLICE */
> 			u32			burst;
> 			u64			rate_bytes_ps;
>+			u64			peakrate_bytes_ps;
>+			u32			avrate;
>+			u16			overhead;
> 			u64			burst_pkt;
> 			u64			rate_pkt_ps;
> 			u32			mtu;
>+			struct {
>+				enum flow_action_id     act_id;
>+				u32                     index;
>+			} exceed;
>+			struct {
>+				enum flow_action_id     act_id;
>+				u32                     index;
>+			} notexceed;
It seems exceed and notexceed use the same format struct, will it be more simpler to define as:
			struct {
				enum flow_action_id     act_id;
				u32                     index;
			} exceed, notexceed;

> 		} police;
> 		struct {				/* FLOW_ACTION_CT */
> 			int action;
>diff --git a/include/net/tc_act/tc_police.h b/include/net/tc_act/tc_police.h
>index 72649512dcdd..283bde711a42 100644
>--- a/include/net/tc_act/tc_police.h
>+++ b/include/net/tc_act/tc_police.h
>@@ -159,4 +159,34 @@ static inline u32 tcf_police_tcfp_mtu(const struct
>tc_action *act)
> 	return params->tcfp_mtu;
> }
>
>+static inline u64 tcf_police_peakrate_bytes_ps(const struct tc_action
>+*act) {
>+	struct tcf_police *police = to_police(act);
>+	struct tcf_police_params *params;
>+
>+	params = rcu_dereference_protected(police->params,
>+					   lockdep_is_held(&police->tcf_lock));
>+	return params->peak.rate_bytes_ps;
>+}
>+
>+static inline u32 tcf_police_tcfp_ewma_rate(const struct tc_action
>+*act) {
>+	struct tcf_police *police = to_police(act);
>+	struct tcf_police_params *params;
>+
>+	params = rcu_dereference_protected(police->params,
>+					   lockdep_is_held(&police->tcf_lock));
>+	return params->tcfp_ewma_rate;
>+}
>+
>+static inline u16 tcf_police_rate_overhead(const struct tc_action *act)
>+{
>+	struct tcf_police *police = to_police(act);
>+	struct tcf_police_params *params;
>+
>+	params = rcu_dereference_protected(police->params,
>+					   lockdep_is_held(&police->tcf_lock));
>+	return params->rate.overhead;
>+}
>+
> #endif /* __NET_TC_POLICE_H */
>diff --git a/net/sched/act_police.c b/net/sched/act_police.c index
>0923aa2b8f8a..0457b6c9c4e7 100644
>--- a/net/sched/act_police.c
>+++ b/net/sched/act_police.c
>@@ -405,20 +405,66 @@ static int tcf_police_search(struct net *net, struct
>tc_action **a, u32 index)
> 	return tcf_idr_search(tn, a, index);
> }
>
>+static int tcf_police_act_to_flow_act(int tc_act, int *index) {
>+	int act_id = -EOPNOTSUPP;
>+
>+	if (!TC_ACT_EXT_OPCODE(tc_act)) {
>+		if (tc_act == TC_ACT_OK)
>+			act_id = FLOW_ACTION_ACCEPT;
>+		else if (tc_act ==  TC_ACT_SHOT)
>+			act_id = FLOW_ACTION_DROP;
>+		else if (tc_act == TC_ACT_PIPE)
>+			act_id = FLOW_ACTION_PIPE;
>+	} else if (TC_ACT_EXT_CMP(tc_act, TC_ACT_GOTO_CHAIN)) {
>+		act_id = FLOW_ACTION_GOTO;
>+		*index = tc_act & TC_ACT_EXT_VAL_MASK;
For the TC_ACT_GOTO_CHAIN  action, the goto_chain information is missing from software to hardware, is it useful for hardware to check?

>+	} else if (TC_ACT_EXT_CMP(tc_act, TC_ACT_JUMP)) {
>+		act_id = FLOW_ACTION_JUMP;
>+		*index = tc_act & TC_ACT_EXT_VAL_MASK;
>+	}
>+
>+	return act_id;
>+}
>+
> static int tcf_police_offload_act_setup(struct tc_action *act, void *entry_data,
> 					u32 *index_inc, bool bind)
> {
> 	if (bind) {
> 		struct flow_action_entry *entry = entry_data;
>+		struct tcf_police *police = to_police(act);
>+		struct tcf_police_params *p;
>+		int act_id;
>+
>+		p = rcu_dereference_protected(police->params,
>+					      lockdep_is_held(&police->tcf_lock));
>
> 		entry->id = FLOW_ACTION_POLICE;
> 		entry->police.burst = tcf_police_burst(act);
> 		entry->police.rate_bytes_ps =
> 			tcf_police_rate_bytes_ps(act);
>+		entry->police.peakrate_bytes_ps =
>tcf_police_peakrate_bytes_ps(act);
>+		entry->police.avrate = tcf_police_tcfp_ewma_rate(act);
>+		entry->police.overhead = tcf_police_rate_overhead(act);
> 		entry->police.burst_pkt = tcf_police_burst_pkt(act);
> 		entry->police.rate_pkt_ps =
> 			tcf_police_rate_pkt_ps(act);
> 		entry->police.mtu = tcf_police_tcfp_mtu(act);
>+
>+		act_id = tcf_police_act_to_flow_act(police->tcf_action,
>+						    &entry-
>>police.exceed.index);
>+		if (act_id < 0)
>+			return act_id;
>+
>+		entry->police.exceed.act_id = act_id;
>+
>+		act_id = tcf_police_act_to_flow_act(p->tcfp_result,
>+						    &entry-
>>police.notexceed.index);
>+		if (act_id < 0)
>+			return act_id;
>+
>+		entry->police.notexceed.act_id = act_id;
>+
> 		*index_inc = 1;
> 	} else {
> 		struct flow_offload_action *fl_action = entry_data;
>--
>2.26.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ