lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 18 Dec 2023 12:21:30 +0000
From: "Buvaneswaran, Sujai" <sujai.buvaneswaran@...el.com>
To: "Staikov, Andrii" <andrii.staikov@...el.com>,
	"intel-wired-lan@...ts.osuosl.org" <intel-wired-lan@...ts.osuosl.org>
CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "Szycik, Marcin"
	<marcin.szycik@...el.com>, "Drewek, Wojciech" <wojciech.drewek@...el.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "Staikov,
 Andrii" <andrii.staikov@...el.com>
Subject: RE: [Intel-wired-lan] [PATCH iwl-next v6] ice: Add support for packet
 mirroring using hardware in switchdev mode

> -----Original Message-----
> From: Intel-wired-lan <intel-wired-lan-bounces@...osl.org> On Behalf Of
> Andrii Staikov
> Sent: Tuesday, December 12, 2023 6:21 PM
> To: intel-wired-lan@...ts.osuosl.org
> Cc: netdev@...r.kernel.org; Szycik, Marcin <marcin.szycik@...el.com>;
> Drewek, Wojciech <wojciech.drewek@...el.com>; linux-
> kernel@...r.kernel.org; Staikov, Andrii <andrii.staikov@...el.com>
> Subject: [Intel-wired-lan] [PATCH iwl-next v6] ice: Add support for packet
> mirroring using hardware in switchdev mode
> 
> Switchdev mode allows to add mirroring rules to mirror incoming and
> outgoing packets to the interface's port representor. Previously, this was
> available only using software functionality. Add possibility to offload this
> functionality to the NIC hardware.
> 
> Introduce ICE_MIRROR_PACKET filter action to the ice_sw_fwd_act_type
> enum to identify the desired action and pass it to the hardware as well as the
> VSI to mirror.
> 
> Example of tc mirror command using hardware:
>   tc filter add dev ens1f0np0 ingress protocol ip prio 1 flower src_mac
>   b4:96:91:a5:c7:a7 skip_sw action mirred egress mirror dev eth1
> 
> ens1f0np0 - PF
> b4:96:91:a5:c7:a7 - source MAC address
> eth1 - PR of a VF to mirror to
> 
> Co-developed-by: Marcin Szycik <marcin.szycik@...el.com>
> Signed-off-by: Marcin Szycik <marcin.szycik@...el.com>
> Reviewed-by: Wojciech Drewek <wojciech.drewek@...el.com>
> Signed-off-by: Andrii Staikov <andrii.staikov@...el.com>
> ---
> v1 -> v2: no need for changes in ice_add_tc_flower_adv_fltr()
> v2 -> v3: add another if branch for netif_is_ice(act->dev) ||
> ice_is_tunnel_supported(act->dev) for FLOW_ACTION_MIRRED action and
> add direction rules for filters
> v3 -> v4: move setting mirroring into dedicated function
> ice_tc_setup_mirror_action()
> v4 -> v5: Fix packets not mirroring from VF to VF by changing
> ICE_ESWITCH_FLTR_INGRESS to ICE_ESWITCH_FLTR_EGRESS where needed
> v5 -> v6: Additionally fix some tags
> ---
>  drivers/net/ethernet/intel/ice/ice_switch.c | 25 +++++++++----
> drivers/net/ethernet/intel/ice/ice_tc_lib.c | 41 +++++++++++++++++++++
>  drivers/net/ethernet/intel/ice/ice_type.h   |  1 +
>  3 files changed, 60 insertions(+), 7 deletions(-)
> 
Tested-by: Sujai Buvaneswaran <sujai.buvaneswaran@...el.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ