lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <cover.1694621836.git.petrm@nvidia.com>
Date: Wed, 13 Sep 2023 18:40:44 +0200
From: Petr Machata <petrm@...dia.com>
To: "David S. Miller" <davem@...emloft.net>, Eric Dumazet
	<edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni
	<pabeni@...hat.com>, <netdev@...r.kernel.org>
CC: Ido Schimmel <idosch@...dia.com>, Petr Machata <petrm@...dia.com>, "Amit
 Cohen" <amcohen@...dia.com>, <mlxsw@...dia.com>
Subject: [PATCH net-next 0/3] mlxsw: Improve blocks selection for IPv6 multicast forwarding

Amit Cohen writes:

The driver configures two ACL regions during initialization, these regions
are used for IPv4 and IPv6 multicast forwarding. Entries residing in these
two regions match on the {SIP, DIP, VRID} key elements.

Currently for IPv6 region, 9 key blocks are used. This can be improved by
reducing the amount key blocks needed for the IPv6 region to 8. It is
possible to use key blocks that mix subsets of the VRID element with
subsets of the DIP element.

To make this happen, we have to take in account the algorithm that chooses
which key blocks will be used. It is lazy and not the optimal one as it is
a complex task. It searches the block that contains the most elements that
are required, chooses it, removes the elements that appear in the chosen
block and starts again searching the block that contains the most elements.

To optimize the nubmber of the blocks for IPv6 multicast forwarding, handle
the following:

1. Add support for key blocks that mix subsets of the VRID element with
subsets of the DIP element.

2. Prevent the algorithm from chosing another blocks for VRID.
Currently, we have the block 'ipv4_4' which contains 2 sub-elements of
VRID. With the existing algorithm, this block might be chosen, then 8
blocks must be chosen for SIP and DIP and we will get 9 blocks to match on
{SIP, DIP, VRID}. Therefore, replace this block with a new block 'ipv4_5'
that contains 1 element for VRID, this will not be chosen for IPv6 as VRID
element will be broken to several sub-elements. In this way we can get 8
blocks for IPv6 multicast forwarding.

This improvement was tested and indeed 8 blocks are used instead of 9.

Patch set overview:
Patch #1 adds 'ipv4_5' flex key and changes the driver to use it instead
of 'ipv4_4'.
Patch #2 replaces 'ipv4_4b' with 'ipv4_5b', to be consistent.
Patch #3 extends some key blocks to include subsets of the VRID element
and handles the required changes to use these key blocks.

Amit Cohen (3):
  mlxsw: Add 'ipv4_5' flex key
  mlxsw: spectrum_acl_flex_keys: Add 'ipv4_5b' flex key
  mlxsw: Edit IPv6 key blocks to use one less block for multicast
    forwarding

 .../mellanox/mlxsw/core_acl_flex_keys.c       |  6 ++++--
 .../mellanox/mlxsw/core_acl_flex_keys.h       |  6 ++++--
 .../mellanox/mlxsw/spectrum2_mr_tcam.c        | 20 +++++++++++--------
 .../mellanox/mlxsw/spectrum_acl_flex_keys.c   | 18 +++++++++--------
 4 files changed, 30 insertions(+), 20 deletions(-)

-- 
2.41.0


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ