Open Source and information security mailing list archives
 
Message-ID: <c48ca445-88a5-bb00-89a3-f1a0196351ce@kernel.org>
Date:   Thu, 8 Dec 2022 10:30:15 -0700
From:   David Ahern <dsahern@...nel.org>
To:     Daniel Machon <daniel.machon@...rochip.com>, netdev@...r.kernel.org
Cc:     stephen@...workplumber.org, petrm@...dia.com,
        maxime.chevallier@...tlin.com, vladimir.oltean@....com,
        UNGLinuxDriver@...rochip.com
Subject: Re: [PATCH iproute2-next v4 0/2] Add pcp-prio and new apptrust
 subcommand

On 12/5/22 3:21 PM, Daniel Machon wrote:
> This patch series makes use of the newly introduced [1] DCB_APP_SEL_PCP
> selector, for PCP/DEI prioritization, and DCB_ATTR_IEEE_APP_TRUST
> attribute for configuring per-selector trust and trust-order.
> 
> ========================================================================
> New parameter "pcp-prio" to existing "app" subcommand:
> ========================================================================
> 
> A new pcp-prio parameter has been added to the app subcommand, which can
> be used to classify traffic based on PCP and DEI from the VLAN header.
> PCP and DEI are specified in a combination of numerical and symbolic
> form, where 'de' (drop-eligible) means DEI=1 and 'nd' (not-drop-eligible)
> means DEI=0.
> 
> Map PCP 1 and DEI 0 to priority 1
> $ dcb app add dev eth0 pcp-prio 1nd:1
> 
> Map PCP 1 and DEI 1 to priority 1
> $ dcb app add dev eth0 pcp-prio 1de:1
> 
> ========================================================================
> New apptrust subcommand for configuring per-selector trust and trust
> order:
> ========================================================================
> 
> This new command currently has a single parameter, which lets you
> specify an ordered list of trusted selectors. The microchip sparx5
> driver is already enabled to offload said list of trusted selectors. The
> new command has been given the name apptrust, to indicate that the trust
> covers APP table selectors only. I found that 'apptrust' was better than
> plain 'trust' as the latter does not indicate the scope of what is to be
> trusted.
> 
> Example:
> 
> Trust selectors dscp and pcp, in that order:
> $ dcb apptrust set dev eth0 order dscp pcp
> 
> Trust selectors ethtype, stream-port and pcp, in that order
> $ dcb apptrust set dev eth0 order ethtype stream-port pcp
> 
> Show the trust order
> $ dcb apptrust show dev eth0 order
> order: ethtype stream-port pcp
> 
> A concern was raised here [2], that 'apptrust' would not work well with
> matches(), so instead strcmp() has been used to match for the new
> subcommand, as suggested here [3]. Same goes with pcp-prio parameter for
> dcb app.
> 
> The man page for dcb_app has been extended to cover the new pcp-prio
> parameter, and a new man page for dcb_apptrust has been created.
> 
> [1] https://lore.kernel.org/netdev/20221101094834.2726202-1-daniel.machon@microchip.com/
> [2] https://lore.kernel.org/netdev/20220909080631.6941a770@hermes.local/
> [3] https://lore.kernel.org/netdev/Y0fP+9C0tE7P2xyK@shredder/
> 
> ================================================================================
> v3 -> v4:
>   - Remove print warning in dcb_app_print_key_pcp()
>   - Add Petr's Reviewed-By tag
> 
> v2 -> v3:
>   - Add macro for maximum pcp/dei value.
> 
> v1 -> v2:
>   - Modified dcb_cmd_apptrust_set() to allow multiple consecutive parameters.
>   - Added dcb_apptrust_print() to print everything in case of no argument.
>   - Renamed pcp keys 0-7 to 0nd-7nd.
>   - Renamed selector names in dcb-apptrust to reflect names used in dcb-app.
>   - Updated dcb-app manpage to reflect new selector names, and removed part
>     about hardware offload.
>   - Updated dcb-apptrust manpage to reflect new selector names, and modified the
>     description of the 'order' parameter.
>   - Replaced uses of parse_one_of() with loops, for new 1nd:1 semantics to be
>     parsed correctly, and not printing an error if selector was not found in
>     list.
> 
> 
> Daniel Machon (2):
>   dcb: add new pcp-prio parameter to dcb app
>   dcb: add new subcommand for apptrust
> 
>  dcb/Makefile            |   3 +-
>  dcb/dcb.c               |   4 +-
>  dcb/dcb.h               |   7 +
>  dcb/dcb_app.c           | 138 +++++++++++++++++-
>  dcb/dcb_apptrust.c      | 307 ++++++++++++++++++++++++++++++++++++++++
>  man/man8/dcb-app.8      |  32 +++++
>  man/man8/dcb-apptrust.8 | 109 ++++++++++++++
>  7 files changed, 592 insertions(+), 8 deletions(-)
>  create mode 100644 dcb/dcb_apptrust.c
>  create mode 100644 man/man8/dcb-apptrust.8
> 
> --
> 2.34.1
> 

applied to iproute2-next
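
Added example, not part of the thread and not iproute2's code: a strict parser for the pcp-prio token format described in the cover letter (`1nd:1`, `1de:1`), plus a prefix-versus-exact comparison of the subcommand names. The struct and function names are hypothetical, and the prefix matcher assumes the concern about matches() is that "app" is a prefix of "apptrust".

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical result type for this example (not iproute2's). */
struct pcp_map { int pcp, dei, prio; };

/* Parse "<pcp><nd|de>:<prio>", e.g. "1nd:1". Returns 0 on success and
 * -1 on any malformed or out-of-range token; *out is untouched on error. */
int parse_pcp_prio(const char *arg, struct pcp_map *out)
{
	const char *colon = strchr(arg, ':');
	int dei;

	/* The key is one PCP digit plus a two-letter DEI tag: 3 chars. */
	if (!colon || colon - arg != 3)
		return -1;
	if (arg[0] < '0' || arg[0] > '7')	/* PCP is a 3-bit field */
		return -1;
	if (strncmp(arg + 1, "nd", 2) == 0)
		dei = 0;			/* not-drop-eligible */
	else if (strncmp(arg + 1, "de", 2) == 0)
		dei = 1;			/* drop-eligible */
	else
		return -1;
	/* Priority: exactly one digit 0..7 with nothing trailing. */
	if (colon[1] < '0' || colon[1] > '7' || colon[2] != '\0')
		return -1;
	out->pcp = arg[0] - '0';
	out->dei = dei;
	out->prio = colon[1] - '0';
	return 0;
}

/* Abbreviation-style match: true when typed is a non-empty prefix of name. */
int prefix_match(const char *typed, const char *name)
{
	size_t n = strlen(typed);
	return n > 0 && strncmp(typed, name, n) == 0;
}

/* Exact match, the strcmp() approach the cover letter describes. */
int exact_match(const char *typed, const char *name)
{
	return strcmp(typed, name) == 0;
}

int main(void)
{
	struct pcp_map m;
	if (parse_pcp_prio("1de:1", &m) == 0)	/* constructed sample input */
		printf("pcp=%d dei=%d prio=%d\n", m.pcp, m.dei, m.prio);
	printf("\"app\" vs \"apptrust\": prefix=%d exact=%d\n",
	       prefix_match("app", "apptrust"), exact_match("app", "apptrust"));
	return 0;
}
```

With prefix matching, a user typing `app` also matches `apptrust`, so the outcome depends on comparison order; the exact comparison removes that ambiguity.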
