| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Mar 2023 14:40:58 +0100
From: Steen Hegelund <steen.hegelund@...rochip.com>
To: "David S . Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>
CC: Steen Hegelund <steen.hegelund@...rochip.com>,
<UNGLinuxDriver@...rochip.com>, <linux-kernel@...r.kernel.org>,
<netdev@...r.kernel.org>, <linux-arm-kernel@...ts.infradead.org>,
"Steen Hegelund" <Steen.Hegelund@...rochip.com>,
Daniel Machon <daniel.machon@...rochip.com>,
Horatiu Vultur <horatiu.vultur@...rochip.com>,
Lars Povlsen <lars.povlsen@...rochip.com>,
Russell King <rmk+kernel@...linux.org.uk>,
Randy Dunlap <rdunlap@...radead.org>,
"Casper Andersson" <casper.casan@...il.com>,
Nathan Huckleberry <nhuck@...gle.com>,
Dan Carpenter <error27@...il.com>,
Michael Walle <michael@...le.cc>,
"Wan Jiabing" <wanjiabing@...o.com>,
Qiheng Lin <linqiheng@...wei.com>,
"Shang XiaoJing" <shangxiaojing@...wei.com>,
Simon Horman <simon.horman@...igine.com>
Subject: [PATCH net-next 0/5] Add support for TC flower templates in Sparx5
This adds support for the TC template mechanism in the Sparx5 flower filter
implementation.
Templates are as such handled by the TC framework, but when a template is
created (using a chain id) there are by definition no filters on this
chain (an error will be returned if there are any).
If the templates chain id is one that is represented by a VCAP lookup, then
when the template is created, we know that it is safe to use the keys
provided in the template to change the keyset configuration for the (port,
lookup) combination, if this is needed to improve the match on the
template.
The original port keyset configuration is captured in the template state
information which is kept per port, so that when the template is deleted
the port keyset configuration can be restored to its previous setting.
The template also provides the protocol parameter which is the basic
information that is used to find out which port keyset configuration needs
to be changed.
The VCAPs and lookups are slightly different when it comes to which keys,
keysets and protocol are supported and used for selection, so in some
cases a bit of tweaking is needed to find a useful match. This is done by
e.g. removing a key that prevents the best matching keyset from being
selected.
The debugfs output that is provided for a port allows inspection of the
currently used keyset in each of the VCAPs lookups. So when a template has
been created the debugfs output allows you to verify if the keyset
configuration has been changed successfully.
Steen Hegelund (5):
net: microchip: sparx5: Correct the spelling of the keysets in debugfs
net: microchip: sparx5: Provide rule count, key removal and keyset
select
net: microchip: sparx5: Add TC template list to a port
net: microchip: sparx5: Add port keyset changing functionality
net: microchip: sparx5: Add TC template support
.../ethernet/microchip/sparx5/sparx5_main.c | 1 +
.../ethernet/microchip/sparx5/sparx5_main.h | 1 +
.../microchip/sparx5/sparx5_tc_flower.c | 209 +++++++++++++-
.../microchip/sparx5/sparx5_vcap_debugfs.c | 2 +-
.../microchip/sparx5/sparx5_vcap_impl.c | 270 ++++++++++++++++++
.../microchip/sparx5/sparx5_vcap_impl.h | 6 +
.../net/ethernet/microchip/vcap/vcap_api.c | 61 ++++
.../ethernet/microchip/vcap/vcap_api_client.h | 11 +
8 files changed, 553 insertions(+), 8 deletions(-)
--
2.39.2
Powered by blists - more mailing lists