Message-ID: <20230417045710.GB20350@pengutronix.de>
Date:   Mon, 17 Apr 2023 06:57:10 +0200
From:   Oleksij Rempel <o.rempel@...gutronix.de>
To:     Vladimir Oltean <olteanv@...il.com>
Cc:     "David S. Miller" <davem@...emloft.net>,
        Andrew Lunn <andrew@...n.ch>,
        Eric Dumazet <edumazet@...gle.com>,
        Florian Fainelli <f.fainelli@...il.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Woojung Huh <woojung.huh@...rochip.com>,
        Arun Ramadoss <arun.ramadoss@...rochip.com>,
        kernel@...gutronix.de, linux-kernel@...r.kernel.org,
        netdev@...r.kernel.org, UNGLinuxDriver@...rochip.com
Subject: Re: [PATCH net-next v1 2/2] net: dsa: microchip: Add partial ACL
 support for ksz9477 switches

Hi Vladimir,

On Sun, Apr 16, 2023 at 07:56:58PM +0300, Vladimir Oltean wrote:
> Hi Oleksij,
> 
> I only took a superficial look, and hence, here are some superficial comments.
> 
> On Tue, Apr 11, 2023 at 07:24:55PM +0200, Oleksij Rempel wrote:
> > The ACL also implements a count function, generating an interrupt
> > instead of a forwarding action. It can be used as a watchdog timer or an
> > event counter.
> 
> Is the interrupt handled here? I didn't see cls_flower_stats().

No, it is not implemented in this patch. It is a generic description of things
the ACL should be able to do. Is it confusing? Should I remove it?

> > The ACL consists of three parts: matching rules, action
> > rules, and processing entries. Multiple match conditions can be either
> > AND'ed or OR'ed together.
> > 
> > This patch introduces support for a subset of the available ACL
> > functionality, specifically layer 2 matching and prioritization of
> > matched packets. For example:
> > 
> > tc qdisc add dev lan2 clsact
> > tc filter add dev lan2 ingress protocol 0x88f7 flower skip_sw hw_tc 7
> > 
> > tc qdisc add dev lan1 clsact
> > tc filter add dev lan1 ingress protocol 0x88f7 flower skip_sw hw_tc 7
> 
> Have you considered the "skbedit priority" action as opposed to hw_tc?

I had already thought of that, but since bridging is offloaded in the HW
no skbs are involved, I thought it would be confusing. Since tc-flower seems to
already support hw_tc remapping, I decided to use it. I hope it will not harm
to use it for now as a mandatory option and make it optional later if other
actions are added, including skbedit.

Regards,
Oleksij
-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
