[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230905153734.18b9bc84@kernel.org>
Date: Tue, 5 Sep 2023 15:37:34 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Junfeng Guo <junfeng.guo@...el.com>
Cc: intel-wired-lan@...ts.osuosl.org, netdev@...r.kernel.org,
anthony.l.nguyen@...el.com, jesse.brandeburg@...el.com,
qi.z.zhang@...el.com, ivecera@...hat.com, sridhar.samudrala@...el.com,
horms@...nel.org, edumazet@...gle.com, davem@...emloft.net,
pabeni@...hat.com
Subject: Re: [PATCH iwl-next v9 00/15] Introduce the Parser Library
On Mon, 4 Sep 2023 10:14:40 +0800 Junfeng Guo wrote:
> Current software architecture for flow filtering offloading limited
> the capability of Intel Ethernet 800 Series Dynamic Device
> Personalization (DDP) Package. The flow filtering offloading in the
> driver is enabled based on the naming parsers, each flow pattern is
> represented by a protocol header stack. And there are multiple layers
> (e.g., virtchnl) to maintain their own enum/macro/structure
> to represent a protocol header (IP, TCP, UDP ...), thus the extra
> parsers to verify if a pattern is supported by hardware or not as
> well as the extra converters that to translate represents between
> different layers. Every time a new protocol/field is requested to be
> supported, the corresponding logic for the parsers and the converters
> needs to be modified accordingly. Thus, huge & redundant efforts are
> required to support the increasing flow filtering offloading features,
> especially for the tunnel types flow filtering.
Are you talking about problems internal to ICE or the flower interface?
> This patch set provides a way for applications to send down training
> packets & masks (in binary) to the driver. Then these binary data
> would be used by the driver to generate certain data that are needed
> to create a filter rule in the filtering stage of switch/RSS/FDIR.
What's the API for the user? I see a whole bunch of functions added here
which never get called.
> Note that the impact of a malicious rule in the raw packet filter is
> limited to performance rather than functionality. It may affect the
> performance of the workload, similar to other limitations in FDIR/RSS
> on AVF. For example, there is no resource boundary for VF FDIR/RSS
> rules, so one malicious VF could potentially make other VFs
> inefficient in offloading.
>
> The parser library is expected to include boundary checks to prevent
> critical errors such as infinite loops or segmentation faults.
> However, only implementing and validating the parser emulator in a
> sandbox environment (like ebpf) presents a challenge.
>
> The idea is to make the driver be able to learn from the DDP package
> directly to understand how the hardware parser works (i.e., the
> Parser Library), so that it can process on the raw training packet
> (in binary) directly and create the filter rule accordingly.
No idea what this means in terms of the larger networking stack.
> Based on this Parser Library, the raw flow filtering of
> switch/RSS/FDIR could be enabled to allow new flow filtering
> offloading features to be supported without any driver changes (only
> need to update the DDP package).
Sounds like you are talking about some vague "vision" rather than
the code you're actually posting.
Given that you've posted 5 versions of this to netdev and got no
notable comments, please don't CC netdev on the next version
until you get some reviews inside Intel. Stuff like:
+#define ICE_ERR_NOT_IMPL -1
should get caught by internal review.
Powered by blists - more mailing lists