Date: Sun, 4 Jun 2023 18:08:00 +0200
From: Simon Horman <simon.horman@...igine.com>
To: Wojciech Drewek <wojciech.drewek@...el.com>
Cc: intel-wired-lan@...ts.osuosl.org, netdev@...r.kernel.org,
	alexandr.lobakin@...el.com, david.m.ertman@...el.com,
	michal.swiatkowski@...ux.intel.com, marcin.szycik@...ux.intel.com,
	pawel.chmielewski@...el.com, sridhar.samudrala@...el.com,
	pmenzel@...gen.mpg.de, dan.carpenter@...aro.org
Subject: Re: [PATCH iwl-next v4 08/13] ice: Add guard rule when creating FDB
 in switchdev

On Wed, May 24, 2023 at 02:21:16PM +0200, Wojciech Drewek wrote:
> From: Marcin Szycik <marcin.szycik@...el.com>
> 
> Introduce new "guard" rule upon FDB entry creation.
> 
> It matches on src_mac, has valid bit unset, allow_pass_l2 set
> and has a nop action.
> 
> Previously introduced "forward" rule matches on dst_mac, has valid
> bit set, need_pass_l2 set and has a forward action.
> 
> With these rules, a packet will be offloaded only if FDB exists in both
> directions (RX and TX).
> 
> Let's assume link partner sends a packet to VF1: src_mac = LP_MAC,
> dst_mac = VF1_MAC. Bridge adds FDB, two rules are created:
> 1. Guard rule matching on src_mac == LP_MAC
> 2. Forward rule matching on dst_mac == LP_MAC
> Now VF1 responds with src_mac = VF1_MAC, dst_mac = LP_MAC. Before this
> change, only one rule with dst_mac == LP_MAC would have existed, and the
> packet would have been offloaded, meaning the bridge wouldn't add FDB in
> the opposite direction. Now, the forward rule matches (dst_mac == LP_MAC),
> but it has need_pass_l2 set and there is no guard rule with
> src_mac == VF1_MAC, so the packet goes through slow-path and the bridge
> adds FDB. Two rules are created:
> 1. Guard rule matching on src_mac == VF1_MAC
> 2. Forward rule matching on dst_mac == VF1_MAC
> Further packets in both directions will be offloaded.
> 
> The same example is true in opposite direction (i.e. VF1 is the first to
> send a packet out).
> 
> Signed-off-by: Marcin Szycik <marcin.szycik@...el.com>
> Signed-off-by: Wojciech Drewek <wojciech.drewek@...el.com>

Reviewed-by: Simon Horman <simon.horman@...igine.com>
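
The offload decision described in the quoted commit message, replayed as an added example that is not part of the original mail and is not ice driver code. It is a simplified model: the names fdb_add, send_packet and use_guard are hypothetical, the MAC strings are the labels from the commit message, and use_guard = false stands for the behaviour before the patch.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of the rules in the commit message, not ice driver code. */
enum kind { GUARD, FORWARD };   /* GUARD: src_mac match, allow_pass_l2, nop */
struct rule { enum kind kind; const char *mac; }; /* FORWARD: dst_mac, need_pass_l2 */

static struct rule rules[16];
static int nrules;
static bool use_guard = true;   /* false = behaviour before the patch */

static bool has_rule(enum kind kind, const char *mac)
{
	for (int i = 0; i < nrules; i++)
		if (rules[i].kind == kind && strcmp(rules[i].mac, mac) == 0)
			return true;
	return false;
}

/* Bridge learned `mac` on the slow path: install the rule(s) for that FDB entry. */
static void fdb_add(const char *mac)
{
	if (has_rule(FORWARD, mac) || nrules + 2 > 16)
		return;
	if (use_guard)
		rules[nrules++] = (struct rule){ GUARD, mac };
	rules[nrules++] = (struct rule){ FORWARD, mac };
}

/* Returns true when the packet is offloaded, false when it takes the slow path. */
static bool send_packet(const char *src, const char *dst)
{
	bool fwd = has_rule(FORWARD, dst);
	/* need_pass_l2 on the forward rule requires a guard rule on src_mac */
	bool pass = !use_guard || has_rule(GUARD, src);

	if (fwd && pass)
		return true;
	fdb_add(src);           /* slow path: the bridge sees the packet and learns src */
	return false;
}

static void reset(bool guard) { nrules = 0; use_guard = guard; }

int main(void)
{
	reset(true);
	printf("LP->VF1 offloaded: %d\n", send_packet("LP_MAC", "VF1_MAC"));
	printf("VF1->LP offloaded: %d\n", send_packet("VF1_MAC", "LP_MAC"));
	printf("LP->VF1 offloaded: %d\n", send_packet("LP_MAC", "VF1_MAC"));
	return 0;
}
```

Calling reset(false) before the same sequence shows the earlier behaviour: the VF1 reply is offloaded straight away, so no FDB entry for VF1_MAC is ever learned.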

