lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20220413055248.1959073-1-mattias.forsblad@gmail.com>
Date:   Wed, 13 Apr 2022 07:52:48 +0200
From:   Mattias Forsblad <mattias.forsblad@...il.com>
To:     netdev@...r.kernel.org
Cc:     roid@...dia.com, vladbu@...dia.com, Eli Cohen <eli@...lanox.com>,
        Jiri Pirko <jiri@...nulli.us>,
        Pablo Neira Ayuso <pablo@...filter.org>,
        Baowen Zheng <baowen.zheng@...igine.com>,
        Vladimir Oltean <olteanv@...il.com>,
        Tobias Waldekranz <tobias@...dekranz.com>,
        Mattias Forsblad <mattias.forsblad@...il.com>
Subject: [RFC net-next] net: tc: flow indirect framework issue

Hello all,

I'm currently working to get offloading of tc rules (clsact/matchall/drop) 
on a bridge offloaded to HW. The patch series is here:

https://lore.kernel.org/netdev/20220411131619.43js6owwkalcdwwa@skbuf/T/#m07bff9e205e9ac03d15a4e758b4129235da88aba

However I'm having some trouble with it. More specific in the limitations section
in the link above, quote:

Limitations
If there is tc rules on a bridge and all the ports leave the bridge
and then joins the bridge again, the indirect framwork doesn't seem
to reoffload them at join. The tc rules need to be torn down and
re-added. This seems to be because of limitations in the tc
framework.

The same issue can bee seen it you have a bridge with no ports
and then adds a tc rule, like so:

tc qdisc add dev br0 clsact
tc filter add dev br0 ingress pref 1 proto all matchall action drop

And then adds a port to that bridge
ip link set dev swp0 master br0   <---- flow_indr_dev_register() bc this

I'm seeing the callback(TC_SETUP_BLOCK) from flow_indr_dev_register()
but I'm not getting any callbacks that I've added via flow_block_cb_add()

Do you maybe have some idea why I'm seeing this behavior?
Am i doing something wrong or is it a known issue or something else?

Best regards,

Mattias Forsblad
mattias.forsblad@...il.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ