| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20221031155607.3615381-1-steen.hegelund@microchip.com>
Date: Mon, 31 Oct 2022 16:56:02 +0100
From: Steen Hegelund <steen.hegelund@...rochip.com>
To: "David S . Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>
CC: Steen Hegelund <steen.hegelund@...rochip.com>,
<UNGLinuxDriver@...rochip.com>,
Randy Dunlap <rdunlap@...radead.org>,
"Casper Andersson" <casper.casan@...il.com>,
Russell King <rmk+kernel@...linux.org.uk>,
Wan Jiabing <wanjiabing@...o.com>,
"Nathan Huckleberry" <nhuck@...gle.com>,
<linux-kernel@...r.kernel.org>, <netdev@...r.kernel.org>,
<linux-arm-kernel@...ts.infradead.org>,
"Daniel Machon" <daniel.machon@...rochip.com>,
Horatiu Vultur <horatiu.vultur@...rochip.com>,
Lars Povlsen <lars.povlsen@...rochip.com>
Subject: [PATCH net-next v3 0/5] Extend TC key support for Sparx5 IS2 VCAP
This provides extended tc flower filter key support for the Sparx5 VCAP
functionality.
It builds on top of the initial IS2 VCAP support found in this series:
https://lore.kernel.org/all/20221020130904.1215072-1-steen.hegelund@microchip.com/
Overview:
=========
The added flower filter key (dissector) support is this:
- ipv4_addr (sip and dip)
- ipv6_addr (sip and dip)
- control (IPv4 fragments)
- portnum (tcp and udp port numbers)
- basic (L3 and L4 protocol)
- vlan (outer vlan tag info)
- tcp (tcp flags)
- ip (tos field)
The IS2 VCAP supports classified VLAN information which amounts to the
outer VLAN info in case of multiple tags.
Functionality:
==============
Before frames can match IS2 VCAP rules with e.g an IPv4 source address, the
IS2 VCAPs keyset configuration must include keyset that contains a IPv4
source address and this must be configured for the lookup/port/traffic-type
that you want to match on.
The Sparx5 IS2 VCAP has the following traffic types:
- Non-Ethernet frames
- IPv4 Unicast frames
- IPv4 Multicast frames
- IPv6 Unicast frames
- IPv6 Multicast frames
- ARP frames
So to cover IPv4 traffic the two IPv4 categories must be configured with a
keyset that contains IPv4 address information such as the
VCAP_KFS_IP4_TCP_UDP keyset.
The IPv4 and IPv6 traffic types are configured with useful default keysets,
in later series we will use the tc template functionality when we want to
change these defaults.
Delivery:
=========
This is current plan for delivering the full VCAP feature set of Sparx5:
Version History:
================
v3 Add some more details to the explanation in the commit message
about support for MAC_ETYPE keysets and "protocol all" as well as
the classified VLAN information. This is done to help testing the
feature.
No implementation changes in this version.
v2 Split one of the KUNIT tests into 3 tests to fix a kernel robot
build warning.
v1 Initial version
Steen Hegelund (5):
net: microchip: sparx5: Differentiate IPv4 and IPv6 traffic in keyset
config
net: microchip: sparx5: Adding more tc flower keys for the IS2 VCAP
net: microchip: sparx5: Match keys in configured port keysets
net: microchip: sparx5: Let VCAP API validate added key- and
actionfields
net: microchip: sparx5: Adding KUNIT tests of key/action values in
VCAP API
.../microchip/sparx5/sparx5_tc_flower.c | 410 +++++++++++++++-
.../microchip/sparx5/sparx5_vcap_impl.c | 168 ++++++-
.../net/ethernet/microchip/vcap/vcap_api.c | 251 +++++++++-
.../ethernet/microchip/vcap/vcap_api_client.h | 13 +
.../ethernet/microchip/vcap/vcap_api_kunit.c | 447 ++++++++++++++++++
5 files changed, 1256 insertions(+), 33 deletions(-)
--
2.38.1
Powered by blists - more mailing lists