lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CALnP8ZZ3HkYqmrrHsV2skC1fkkZNViLszXkS2sq5wjTw_ZR6hQ@mail.gmail.com>
Date:   Wed, 30 Nov 2022 10:05:01 -0800
From:   Marcelo Leitner <mleitner@...hat.com>
To:     Tianyu Yuan <tianyu.yuan@...igine.com>
Cc:     Eelco Chaudron <echaudro@...hat.com>,
        Jamal Hadi Salim <jhs@...atatu.com>,
        Simon Horman <simon.horman@...igine.com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        Cong Wang <xiyou.wangcong@...il.com>,
        Davide Caratti <dcaratti@...hat.com>,
        Edward Cree <edward.cree@....com>,
        Ilya Maximets <i.maximets@....org>,
        Oz Shlomo <ozsh@...dia.com>, Paul Blakey <paulb@...dia.com>,
        Vlad Buslov <vladbu@...dia.com>,
        "dev@...nvswitch.org" <dev@...nvswitch.org>,
        oss-drivers <oss-drivers@...igine.com>,
        Ziyang Chen <ziyang.chen@...igine.com>
Subject: Re: [PATCH/RFC net-next] tc: allow drivers to accept gact with PIPE
 when offloading

On Wed, Nov 30, 2022 at 03:36:57AM +0000, Tianyu Yuan wrote:
>
> On Mon, Nov 29, 2022 at 8:35 PM , Eelco Chaudron wrote:
> >
> > On 28 Nov 2022, at 14:33, Marcelo Leitner wrote:
> >
> > > On Mon, Nov 28, 2022 at 02:17:40PM +0100, Eelco Chaudron wrote:
> > >>
> > >>
> > >> On 28 Nov 2022, at 14:11, Marcelo Leitner wrote:
> > >>
> > >>> On Mon, Nov 28, 2022 at 07:11:05AM +0000, Tianyu Yuan wrote:
> > > ...
> > >>>>
> > >>>> Furthermore, I think the current stats for each action mentioned in
> > >>>> 2) cannot represent the real hw stats and this is why [ RFC
> > >>>> net-next v2 0/2] (net: flow_offload: add support for per action hw stats)
> > will come up.
> > >>>
> > >>> Exactly. Then, when this patchset (or similar) come up, it won't
> > >>> update all actions with the same stats anymore. It will require a
> > >>> set of stats from hw for the gact with PIPE action here. But if
> > >>> drivers are ignoring this action, they can't have specific stats for
> > >>> it. Or am I missing something?
> > >>>
> > >>> So it is better for the drivers to reject the whole flow instead of
> > >>> simply ignoring it, and let vswitchd probe if it should or should
> > >>> not use this action.
> > >>
> > >> Please note that OVS does not probe features per interface, but does it
> > per datapath. So if it’s supported in pipe in tc software, we will use it. If the
> > driver rejects it, we will probably end up with the tc software rule only.
> > >
> > > Ah right. I remember it will pick 1 interface for testing and use
> > > those results everywhere, which then I don't know if it may or may not
> > > be a representor port or not. Anyhow, then it should use skip_sw, to
> > > try to probe for the offloading part. Otherwise I'm afraid tc sw will
> > > always accept this flow and trick the probing, yes.
> >
> > Well, it depends on how you look at it. In theory, we should be hardware
> > agnostic, meaning what if you have different hardware in your system? OVS
> > only supports global offload enablement.
> >
> > Tianyu how are you planning to support this from the OVS side? How would
> > you probe kernel and/or hardware support for this change?
>
> Currently in the test demo, I just extend gact with PIPE (previously only SHOT as default and
> GOTO_CHAIN when chain exists), and then put such a gact with PIPE at the first place of each
> filter which will be transacted with kernel tc.
>
> About the tc sw datapath mentioned, we don't have to make changes because gact with PIPE
> has already been supported in current tc implementation and it could act like a 'counter' And
> for the hardware we just need to ignore this PIPE and the stats of this action will still be updated
> in kernel side and sent to userspace.

I can't see how the action would have stats from hw if the driver is
ignoring the action.

But maybe there was a misunderstanding here. I was reading more the
cxgb4 driver here and AFAICT this patch will skip PIPE on the action
validation, but not actually skip the action entirely. Then it will
hit cxgb4_process_flow_actions() and maybe the driver will the right
thing with a dummy action out of the blue. Was this your expectation,
to just ignore it in the validation step, and let it fall through
through the driver? If yes, the comments are misleading, as the NICs
will have to process the packets.

>
> I agree with that the unsupported actions should be rejected by drivers, so may another approach
> could work without ignoring PIPE in all the related drivers, that we directly make put the flower stats
> from driver into the socket which is used to transact with userspace and userspace(e.g. OVS) update
> the flow stats using this stats instead of the parsing the action stats. How do you think of this?

I don't understand this approach. Can you please rephrase?

Thanks,
Marcelo

>
> Cheers,
> Tianyu
> >
> > //Eelco
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ