lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ZBGTL9i9/rC6xSdQ@localhost.localdomain>
Date:   Wed, 15 Mar 2023 10:43:11 +0100
From:   Michal Swiatkowski <michal.swiatkowski@...ux.intel.com>
To:     edward.cree@....com
Cc:     linux-net-drivers@....com, davem@...emloft.net, kuba@...nel.org,
        pabeni@...hat.com, edumazet@...gle.com,
        Edward Cree <ecree.xilinx@...il.com>, netdev@...r.kernel.org,
        habetsm.xilinx@...il.com
Subject: Re: [PATCH net-next 4/5] sfc: add code to register and unregister
 encap matches

On Tue, Mar 14, 2023 at 05:35:24PM +0000, edward.cree@....com wrote:
> From: Edward Cree <ecree.xilinx@...il.com>
> 
> Add a hashtable to detect duplicate and conflicting matches.  If match
>  is not a duplicate, call MAE functions to add/remove it from OR table.
> Calling code not added yet, so mark the new functions as unused.
> 
> Signed-off-by: Edward Cree <ecree.xilinx@...il.com>
> ---
>  drivers/net/ethernet/sfc/tc.c | 176 ++++++++++++++++++++++++++++++++++
>  drivers/net/ethernet/sfc/tc.h |  11 +++
>  2 files changed, 187 insertions(+)
> 
> diff --git a/drivers/net/ethernet/sfc/tc.c b/drivers/net/ethernet/sfc/tc.c
> index d683665a8d87..dc092403af12 100644
> --- a/drivers/net/ethernet/sfc/tc.c
> +++ b/drivers/net/ethernet/sfc/tc.c
> @@ -57,6 +57,12 @@ static s64 efx_tc_flower_external_mport(struct efx_nic *efx, struct efx_rep *efv
>  	return mport;
>  }
>  
> +static const struct rhashtable_params efx_tc_encap_match_ht_params = {
> +	.key_len	= offsetof(struct efx_tc_encap_match, linkage),
> +	.key_offset	= 0,
> +	.head_offset	= offsetof(struct efx_tc_encap_match, linkage),
> +};
> +
>  static const struct rhashtable_params efx_tc_match_action_ht_params = {
>  	.key_len	= sizeof(unsigned long),
>  	.key_offset	= offsetof(struct efx_tc_flow_rule, cookie),
> @@ -344,6 +350,157 @@ static int efx_tc_flower_parse_match(struct efx_nic *efx,
>  	return 0;
>  }
>  
> +__always_unused
> +static int efx_tc_flower_record_encap_match(struct efx_nic *efx,
> +					    struct efx_tc_match *match,
> +					    enum efx_encap_type type,
> +					    struct netlink_ext_ack *extack)
> +{
> +	struct efx_tc_encap_match *encap, *old;
> +	unsigned char ipv;
int? or even boolean is_ipv4

> +	int rc;
> +
> +	/* We require that the socket-defining fields (IP addrs and UDP dest
> +	 * port) are present and exact-match.  Other fields are currently not
> +	 * allowed.  This meets what OVS will ask for, and means that we don't
> +	 * need to handle difficult checks for overlapping matches as could
> +	 * come up if we allowed masks or varying sets of match fields.
> +	 */
> +	if (match->mask.enc_dst_ip | match->mask.enc_src_ip) {
> +		ipv = 4;
> +		if (!IS_ALL_ONES(match->mask.enc_dst_ip)) {
> +			NL_SET_ERR_MSG_MOD(extack,
> +					   "Egress encap match is not exact on dst IP address");
> +			return -EOPNOTSUPP;
> +		}
> +		if (!IS_ALL_ONES(match->mask.enc_src_ip)) {
> +			NL_SET_ERR_MSG_MOD(extack,
> +					   "Egress encap match is not exact on src IP address");
Do You mean that only exact match is supported?

> +			return -EOPNOTSUPP;
> +		}
> +#ifdef CONFIG_IPV6
> +		if (!ipv6_addr_any(&match->mask.enc_dst_ip6) ||
> +		    !ipv6_addr_any(&match->mask.enc_src_ip6)) {
> +			NL_SET_ERR_MSG_MOD(extack,
> +					   "Egress encap match on both IPv4 and IPv6, don't understand");
> +			return -EOPNOTSUPP;
> +		}
> +	} else {
> +		ipv = 6;
> +		if (!efx_ipv6_addr_all_ones(&match->mask.enc_dst_ip6)) {
> +			NL_SET_ERR_MSG_MOD(extack,
> +					   "Egress encap match is not exact on dst IP address");
> +			return -EOPNOTSUPP;
> +		}
> +		if (!efx_ipv6_addr_all_ones(&match->mask.enc_src_ip6)) {
> +			NL_SET_ERR_MSG_MOD(extack,
> +					   "Egress encap match is not exact on src IP address");
> +			return -EOPNOTSUPP;
> +		}
> +#endif
> +	}
> +	if (!IS_ALL_ONES(match->mask.enc_dport)) {
> +		NL_SET_ERR_MSG_MOD(extack, "Egress encap match is not exact on dst UDP port");
> +		return -EOPNOTSUPP;
> +	}
> +	if (match->mask.enc_sport) {
> +		NL_SET_ERR_MSG_MOD(extack, "Egress encap match on src UDP port not supported");
> +		return -EOPNOTSUPP;
> +	}
> +	if (match->mask.enc_ip_tos) {
> +		NL_SET_ERR_MSG_MOD(extack, "Egress encap match on IP ToS not supported");
> +		return -EOPNOTSUPP;
> +	}
> +	if (match->mask.enc_ip_ttl) {
> +		NL_SET_ERR_MSG_MOD(extack, "Egress encap match on IP TTL not supported");
> +		return -EOPNOTSUPP;
> +	}
> +
> +	rc = efx_mae_check_encap_match_caps(efx, ipv, extack);
> +	if (rc) {
> +		NL_SET_ERR_MSG_FMT_MOD(extack, "MAE hw reports no support for IPv%d encap matches",
> +				       ipv);
> +		return -EOPNOTSUPP;
> +	}
> +
> +	encap = kzalloc(sizeof(*encap), GFP_USER);
> +	if (!encap)
> +		return -ENOMEM;
> +	switch (ipv) {
> +	case 4:
> +		encap->src_ip = match->value.enc_src_ip;
> +		encap->dst_ip = match->value.enc_dst_ip;
> +		break;
> +#ifdef CONFIG_IPV6
> +	case 6:
> +		encap->src_ip6 = match->value.enc_src_ip6;
> +		encap->dst_ip6 = match->value.enc_dst_ip6;
> +		break;
> +#endif
> +	default: /* can't happen */
> +		NL_SET_ERR_MSG_FMT_MOD(extack, "Egress encap match on bad IP version %d",
> +				       ipv);
> +		rc = -EOPNOTSUPP;
> +		goto fail_allocated;
I will rewrite it to if. You will get rid of this unreachable code.

> +	}
> +	encap->udp_dport = match->value.enc_dport;
> +	encap->tun_type = type;
> +	old = rhashtable_lookup_get_insert_fast(&efx->tc->encap_match_ht,
> +						&encap->linkage,
> +						efx_tc_encap_match_ht_params);
> +	if (old) {
> +		/* don't need our new entry */
> +		kfree(encap);
> +		if (old->tun_type != type) {
> +			NL_SET_ERR_MSG_FMT_MOD(extack,
> +					       "Egress encap match with conflicting tun_type %u != %u",
> +					       old->tun_type, type);
> +			return -EEXIST;
> +		}
> +		if (!refcount_inc_not_zero(&old->ref))
> +			return -EAGAIN;
> +		/* existing entry found */
> +		encap = old;
> +	} else {
> +		rc = efx_mae_register_encap_match(efx, encap);
> +		if (rc) {
> +			NL_SET_ERR_MSG_MOD(extack, "Failed to record egress encap match in HW");
> +			goto fail_inserted;
> +		}
> +		refcount_set(&encap->ref, 1);
> +	}
> +	match->encap = encap;
> +	return 0;
> +fail_inserted:
> +	rhashtable_remove_fast(&efx->tc->encap_match_ht, &encap->linkage,
> +			       efx_tc_encap_match_ht_params);
> +fail_allocated:
> +	kfree(encap);
> +	return rc;
> +}
> +
[...]

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ