| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 Sep 2023 18:40:44 +0200
From: Petr Machata <petrm@...dia.com>
To: "David S. Miller" <davem@...emloft.net>, Eric Dumazet
<edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni
<pabeni@...hat.com>, <netdev@...r.kernel.org>
CC: Ido Schimmel <idosch@...dia.com>, Petr Machata <petrm@...dia.com>, "Amit
Cohen" <amcohen@...dia.com>, <mlxsw@...dia.com>
Subject: [PATCH net-next 0/3] mlxsw: Improve blocks selection for IPv6 multicast forwarding
Amit Cohen writes:
The driver configures two ACL regions during initialization, these regions
are used for IPv4 and IPv6 multicast forwarding. Entries residing in these
two regions match on the {SIP, DIP, VRID} key elements.
Currently for IPv6 region, 9 key blocks are used. This can be improved by
reducing the amount key blocks needed for the IPv6 region to 8. It is
possible to use key blocks that mix subsets of the VRID element with
subsets of the DIP element.
To make this happen, we have to take in account the algorithm that chooses
which key blocks will be used. It is lazy and not the optimal one as it is
a complex task. It searches the block that contains the most elements that
are required, chooses it, removes the elements that appear in the chosen
block and starts again searching the block that contains the most elements.
To optimize the nubmber of the blocks for IPv6 multicast forwarding, handle
the following:
1. Add support for key blocks that mix subsets of the VRID element with
subsets of the DIP element.
2. Prevent the algorithm from chosing another blocks for VRID.
Currently, we have the block 'ipv4_4' which contains 2 sub-elements of
VRID. With the existing algorithm, this block might be chosen, then 8
blocks must be chosen for SIP and DIP and we will get 9 blocks to match on
{SIP, DIP, VRID}. Therefore, replace this block with a new block 'ipv4_5'
that contains 1 element for VRID, this will not be chosen for IPv6 as VRID
element will be broken to several sub-elements. In this way we can get 8
blocks for IPv6 multicast forwarding.
This improvement was tested and indeed 8 blocks are used instead of 9.
Patch set overview:
Patch #1 adds 'ipv4_5' flex key and changes the driver to use it instead
of 'ipv4_4'.
Patch #2 replaces 'ipv4_4b' with 'ipv4_5b', to be consistent.
Patch #3 extends some key blocks to include subsets of the VRID element
and handles the required changes to use these key blocks.
Amit Cohen (3):
mlxsw: Add 'ipv4_5' flex key
mlxsw: spectrum_acl_flex_keys: Add 'ipv4_5b' flex key
mlxsw: Edit IPv6 key blocks to use one less block for multicast
forwarding
.../mellanox/mlxsw/core_acl_flex_keys.c | 6 ++++--
.../mellanox/mlxsw/core_acl_flex_keys.h | 6 ++++--
.../mellanox/mlxsw/spectrum2_mr_tcam.c | 20 +++++++++++--------
.../mellanox/mlxsw/spectrum_acl_flex_keys.c | 18 +++++++++--------
4 files changed, 30 insertions(+), 20 deletions(-)
--
2.41.0
Powered by blists - more mailing lists