lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 3 Oct 2023 07:49:15 +0000
From: "Buvaneswaran, Sujai" <sujai.buvaneswaran@...el.com>
To: "Staikov, Andrii" <andrii.staikov@...el.com>,
	"intel-wired-lan@...ts.osuosl.org" <intel-wired-lan@...ts.osuosl.org>
CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "Staikov, Andrii"
	<andrii.staikov@...el.com>
Subject: RE: [Intel-wired-lan] [PATCH iwl-next v2] ice: Add support for packet
 mirroring using hardware in switchdev mode

> -----Original Message-----
> From: Intel-wired-lan <intel-wired-lan-bounces@...osl.org> On Behalf Of
> Andrii Staikov
> Sent: Tuesday, September 12, 2023 3:00 PM
> To: intel-wired-lan@...ts.osuosl.org
> Cc: netdev@...r.kernel.org; Staikov, Andrii <andrii.staikov@...el.com>
> Subject: [Intel-wired-lan] [PATCH iwl-next v2] ice: Add support for packet
> mirroring using hardware in switchdev mode
> 
> Switchdev mode allows to add mirroring rules to mirror incoming and
> outgoing packets to the interface's port representor. Previously, this was
> available only using software functionality. Add possibility to offload this
> functionality to the NIC hardware.
> 
> Introduce ICE_MIRROR_PACKET filter action to the ice_sw_fwd_act_type
> enum to identify the desired action and pass it to the hardware as well as the
> VSI to mirror.
> 
> Example of tc mirror command using hardware:
> tc filter add dev ens1f0np0 ingress protocol ip prio 1 flower src_mac
> b4:96:91:a5:c7:a7 skip_sw action mirred egress mirror dev eth1
> 
> ens1f0np0 - PF
> b4:96:91:a5:c7:a7 - source MAC address
> eth1 - PR of a VF to mirror to
> 
> Signed-off-by: Andrii Staikov <andrii.staikov@...el.com>
> ---
> v1 -> v2: no need for changes in ice_add_tc_flower_adv_fltr()
> ---
>  drivers/net/ethernet/intel/ice/ice_switch.c | 25 +++++++++++++++------
> drivers/net/ethernet/intel/ice/ice_tc_lib.c | 13 +++++++++++
>  drivers/net/ethernet/intel/ice/ice_type.h   |  1 +
>  3 files changed, 32 insertions(+), 7 deletions(-)
> 

Tested this patch with HW offload enabled on both PF and VF. Packet mirroring is working on the PF but it fails on the packets originating from VF.

Configured below mirror rules for mirroring the packets from both PF1 and VF1 to VF2.

tc filter add dev $PF1 ingress protocol ip prio 1 flower src_mac b4:96:91:9f:64:08 skip_sw action mirred egress mirror dev $VF2_PR
tc filter add dev $VF1_PR ingress protocol ip prio 1 flower src_mac 52:54:00:00:16:01 skip_sw action mirred egress mirror dev $VF2_PR

With the above mirror rules, the packets from PF got mirrored to VF2. But packets originating from VF1 are not seen in VF2.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ