Date:   Tue, 22 Nov 2022 11:41:10 +0100
From:   Daniel Machon <daniel.machon@...rochip.com>
To:     <netdev@...r.kernel.org>
CC:     <dsahern@...nel.org>, <stephen@...workplumber.org>,
        <petrm@...dia.com>, <maxime.chevallier@...tlin.com>,
        <vladimir.oltean@....com>, <UNGLinuxDriver@...rochip.com>,
        Daniel Machon <daniel.machon@...rochip.com>
Subject: [PATCH iproute2-next 0/2] Add pcp-prio and new apptrust subcommand

This patch series makes use of the newly introduced [1] DCB_APP_SEL_PCP
selector, for PCP/DEI prioritization, and DCB_ATTR_IEEE_APP_TRUST
attribute for configuring per-selector trust and trust-order.

========================================================================
New parameter "pcp-prio" to existing "app" subcommand:
========================================================================

A new pcp-prio parameter has been added to the app subcommand, which can
be used to classify traffic based on PCP and DEI from the VLAN header.
PCP and DEI are specified in a combination of numerical and symbolic
form, where 'de' (as specified in the PCP Encoding Table, 802.1Q) means
DEI=1.

Map PCP 1 and DEI 0 to priority 1
$ dcb app add dev eth0 pcp-prio 1:1

Map PCP 1 and DEI 1 to priority 1
$ dcb app add dev eth0 pcp-prio 1de:1

In a hardware offloaded context, 'de' can be used by drivers, to map the
DEI bit directly to a drop-precedence.

========================================================================
New apptrust subcommand for configuring per-selector trust and trust
order:
========================================================================

This new command currently has a single parameter, which lets you
specify an ordered list of trusted selectors. The Microchip sparx5
driver is already enabled to offload said list of trusted selectors. The
new command has been given the name apptrust, to indicate that the trust
covers APP table selectors only. I found that 'apptrust' was better than
plain 'trust' as the latter does not indicate the scope of what is to be
trusted.

Example:

Trust selectors dscp and pcp, in that order:
$ dcb apptrust set dev eth0 order dscp pcp

Trust selectors ethertype, stream and pcp, in that order:
$ dcb apptrust set dev eth0 order eth stream pcp

Show the trust order:
$ dcb apptrust show dev eth0 order
trust-order: eth stream pcp

A concern was raised here [2], that 'apptrust' would not work well with
matches(), so instead strcmp() has been used to match for the new
subcommand, as suggested here [3]. Same goes with pcp-prio parameter for
dcb app.

The man page for dcb_app has been extended to cover the new pcp-prio
parameter, and a new man page for dcb_apptrust has been created.

[1] https://lore.kernel.org/netdev/20221101094834.2726202-1-daniel.machon@microchip.com/
[2] https://lore.kernel.org/netdev/20220909080631.6941a770@hermes.local/
[3] https://lore.kernel.org/netdev/Y0fP+9C0tE7P2xyK@shredder/

Daniel Machon (2):
  dcb: add new pcp-prio parameter to dcb app
  dcb: add new subcommand for apptrust

 dcb/Makefile            |   3 +-
 dcb/dcb.c               |   4 +-
 dcb/dcb.h               |   7 +
 dcb/dcb_app.c           | 138 ++++++++++++++++++-
 dcb/dcb_apptrust.c      | 291 ++++++++++++++++++++++++++++++++++++++++
 man/man8/dcb-app.8      |  27 ++++
 man/man8/dcb-apptrust.8 | 118 ++++++++++++++++
 7 files changed, 580 insertions(+), 8 deletions(-)
 create mode 100644 dcb/dcb_apptrust.c
 create mode 100644 man/man8/dcb-apptrust.8

-- 
2.34.1
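
The matches()/strcmp() point in the cover letter above, as an added example that is not part of the original post and is not iproute2 code: with prefix (abbreviation) matching, what "app" resolves to depends on table order once "apptrust" exists, while exact comparison does not. The names prefix_match, exact_match, dispatch and both keyword tables are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for abbreviation matching: accept when the typed
 * word is a non-empty prefix of the keyword. */
static int prefix_match(const char *typed, const char *keyword)
{
    size_t n = strlen(typed);
    return n > 0 && n <= strlen(keyword) && strncmp(typed, keyword, n) == 0;
}

/* Exact comparison, the approach the cover letter says was chosen. */
static int exact_match(const char *typed, const char *keyword)
{
    return strcmp(typed, keyword) == 0;
}

/* Return the first keyword, in table order, accepted by match(); else NULL. */
static const char *dispatch(const char *typed, const char *const *table,
                            size_t n, int (*match)(const char *, const char *))
{
    for (size_t i = 0; i < n; i++)
        if (match(typed, table[i]))
            return table[i];
    return NULL;
}

/* Constructed keyword tables: same entries, different order. */
static const char *const APP_FIRST[]   = { "app", "apptrust", "buffer" };
static const char *const TRUST_FIRST[] = { "apptrust", "app", "buffer" };

static const char *show(const char *s) { return s ? s : "(no match)"; }

int main(void)
{
    const char *typed[] = { "app", "appt", "apptrust" };
    for (size_t i = 0; i < 3; i++) {
        printf("%-9s prefix/app-first=%-10s prefix/trust-first=%-10s exact=%s\n",
               typed[i],
               show(dispatch(typed[i], APP_FIRST, 3, prefix_match)),
               show(dispatch(typed[i], TRUST_FIRST, 3, prefix_match)),
               show(dispatch(typed[i], TRUST_FIRST, 3, exact_match)));
    }
    return 0;
}
```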
