lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 5 Apr 2024 10:43:04 +0200
From: Michal Swiatkowski <michal.swiatkowski@...ux.intel.com>
To: "Buvaneswaran, Sujai" <sujai.buvaneswaran@...el.com>
Cc: "intel-wired-lan@...ts.osuosl.org" <intel-wired-lan@...ts.osuosl.org>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	Marcin Szycik <marcin.szycik@...ux.intel.com>,
	"Kubiak, Michal" <michal.kubiak@...el.com>
Subject: Re: [Intel-wired-lan] [iwl-net v1] ice: tc: do default match on all
 profiles

On Mon, Apr 01, 2024 at 09:28:30AM +0000, Buvaneswaran, Sujai wrote:
> > -----Original Message-----
> > From: Michal Swiatkowski <michal.swiatkowski@...ux.intel.com>
> > Sent: Friday, March 29, 2024 1:56 PM
> > To: Buvaneswaran, Sujai <sujai.buvaneswaran@...el.com>
> > Cc: intel-wired-lan@...ts.osuosl.org; netdev@...r.kernel.org; Marcin Szycik
> > <marcin.szycik@...ux.intel.com>; Kubiak, Michal <michal.kubiak@...el.com>
> > Subject: Re: [Intel-wired-lan] [iwl-net v1] ice: tc: do default match on all
> > profiles
> > 
> > On Mon, Mar 25, 2024 at 06:36:56AM +0000, Buvaneswaran, Sujai wrote:
> > > > -----Original Message-----
> > > > From: Intel-wired-lan <intel-wired-lan-bounces@...osl.org> On Behalf
> > > > Of Michal Swiatkowski
> > > > Sent: Tuesday, March 12, 2024 4:23 PM
> > > > To: intel-wired-lan@...ts.osuosl.org
> > > > Cc: netdev@...r.kernel.org; Marcin Szycik
> > > > <marcin.szycik@...ux.intel.com>; Kubiak, Michal
> > > > <michal.kubiak@...el.com>; Michal Swiatkowski
> > > > <michal.swiatkowski@...ux.intel.com>
> > > > Subject: [Intel-wired-lan] [iwl-net v1] ice: tc: do default match on
> > > > all profiles
> > > >
> > > > A simple non-tunnel rule (e.g. matching only on destination MAC) in
> > > > hardware will be hit only if the packet isn't a tunnel. In software
> > > > execution of the same command, the rule will match both tunnel and
> > non-tunnel packets.
> > > >
> > > > Change the hardware behaviour to match tunnel and non-tunnel packets
> > > > in this case. Do this by considering all profiles when adding
> > > > non-tunnel rule (rule not added on tunnel, or not redirecting to tunnel).
> > > >
> > > > Example command:
> > > > tc filter add dev pf0 ingress protocol ip flower skip_sw action mirred \
> > > > 	egress redirect dev pr0
> > > >
> > > > It should match also tunneled packets, the same as command with
> > > > skip_hw will do in software.
> > > >
> > > > Fixes: 9e300987d4a8 ("ice: VXLAN and Geneve TC support")
> > > > Reviewed-by: Marcin Szycik <marcin.szycik@...ux.intel.com>
> > > > Reviewed-by: Michal Kubiak <michal.kubiak@...el.com>
> > > > Signed-off-by: Michal Swiatkowski
> > > > <michal.swiatkowski@...ux.intel.com>
> > > > ---
> > > > v1 --> v2:
> > > >  * fix commit message sugested by Marcin
> > > > ---
> > > >  drivers/net/ethernet/intel/ice/ice_tc_lib.c | 2 +-
> > > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > > >
> > > Hi,
> > >
> > > We are seeing error while adding HW tc rules on PF with the latest net-
> > queue patches. This issue is blocking the validation of latest net-queue
> > Switchdev patches.
> > >
> > > + tc filter add dev ens5f0np0 ingress protocol ip prio 1 flower
> > > + src_mac b4:96:91:9f:65:58 dst_mac 52:54:00:00:16:01 skip_sw action
> > > + mirred egress redirect dev eth0
> > > Error: ice: Unable to add filter due to error.
> > > We have an error talking to the kernel
> > > + tc filter add dev ens5f0np0 ingress protocol ip prio 1 flower
> > > + src_mac b4:96:91:9f:65:58 dst_mac 52:54:00:00:16:02 skip_sw action
> > > + mirred egress redirect dev eth1
> > > Error: ice: Unable to add filter due to error.
> > > We have an error talking to the kernel
> > 
> > Hi,
> > 
> > The same command is working fine on my setup. I suspect that it isn't related
> > to this patch. The change is only in command validation, there is no
> > functional changes here that can cause error during adding filters which
> > previously was working fine.
> > 
> > Can you share more information about the setup? It was the first filter added
> > on the PF? Did you do sth else before checking tc?
> 
> Hi Michal,
> I have used the setup with latest upstream dev-queue kernel and this issue is observed while adding HW tc rules on PF using
> 'Script A' from below link.
> https://edc.intel.com/content/www/us/en/design/products/ethernet/appnote-e810-eswitch-switchdev-mode-config-guide/script-a-switchdev-mode-with-linux-bridge-configuration/
> 
> This issue is reproducible on two of our setups with latest upstream kernel - 6.9.0-rc1+. Please check and let me know if more information is needed.
> 

I tried script from the link and it is working. I am aware of the
problem when the same rule is being added with different destination.
Are you sure there are no more exsisting rule before calling the script?
In the script VFs are removed, but PF qdisc isn't removed. Old rule can
exsist there. I suggest to add sth like, before adding new qdiscs:
$tc qdisc del dev $PF1 ingress

I tested on 6.9.0-rc1+ kernel.

Thanks,
Michal
> Thanks,
> Sujai B
> > 
> > Thanks,
> > Michal
> > >
> > > Thanks,
> > > Sujai B

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ