Re: [PATCH net-next] net: mscc: ocelot: deal with problematic MAC_ETYPE VCAP IS2 rules

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Ido Schimmel <idosch@idosch.org>
To: "Allan W. Nielsen" <allan.nielsen@microchip.com>
Cc: Vladimir Oltean <olteanv@gmail.com>,
	davem@davemloft.net, horatiu.vultur@microchip.com,
	alexandre.belloni@bootlin.com, antoine.tenart@bootlin.com,
	andrew@lunn.ch, f.fainelli@gmail.com, vivien.didelot@gmail.com,
	joergen.andreasen@microchip.com, claudiu.manoil@nxp.com,
	netdev@vger.kernel.org, UNGLinuxDriver@microchip.com,
	alexandru.marginean@nxp.com, xiaoliang.yang_1@nxp.com,
	yangbo.lu@nxp.com, po.liu@nxp.com, jiri@mellanox.com,
	kuba@kernel.org
Subject: Re: [PATCH net-next] net: mscc: ocelot: deal with problematic MAC_ETYPE VCAP IS2 rules
Date: Sun, 19 Apr 2020 11:30:32 +0300	[thread overview]
Message-ID: <20200419083032.GA3479405@splinter> (raw)
In-Reply-To: <20200419073307.uhm3w2jhsczpchvi@ws.localdomain>

On Sun, Apr 19, 2020 at 09:33:07AM +0200, Allan W. Nielsen wrote:
> Hi,
> 
> Sorry I did not manage to provide feedback before it was merged (I will
> need to consult some of my colleagues Monday before I can provide the
> foll feedback).
> 
> There are many good things in this patch, but it is not only good.
> 
> The problem is that these TCAMs/VCAPs are insanely complicated and it is
> really hard to make them fit nicely into the existing tc frame-work
> (being hard does not mean that we should not try).
> 
> In this patch, you try to automatic figure out who the user want the
> TCAM to be configured. It works for 1 use-case but it breaks others.
> 
> Before this patch you could do a:
>     tc filter add dev swp0 ingress protocol ipv4 \
>             flower skip_sw src_ip 10.0.0.1 action drop
>     tc filter add dev swp0 ingress \
>             flower skip_sw src_mac 96:18:82:00:04:01 action drop
> 
> But the second rule would not apply to the ICMP over IPv4 over Ethernet
> packet, it would however apply to non-IP packets.
> 
> With this patch it not possible. Your use-case is more common, but the
> other one is not unrealistic.
> 
> My concern with this, is that I do not think it is possible to automatic
> detect how these TCAMs needs to be configured by only looking at the
> rules installed by the user. Trying to do this automatic, also makes the
> TCAM logic even harder to understand for the user.
> 
> I would prefer that we by default uses some conservative default
> settings which are easy to understand, and then expose some expert
> settings in the sysfs, which can be used to achieve different
> behavioral.
> 
> Maybe forcing MAC_ETYPE matches is the most conservative and easiest to
> understand default.
> 
> But I do seem to recall that there is a way to allow matching on both
> SMAC and SIP (your original motivation). This may be a better default
> (despite that it consumes more TCAM resources). I will follow up and
> check if this is possible.
> 
> Vladimir (and anyone else whom interested): would you be interested in
> spending some time discussion the more high-level architectures and
> use-cases on how to best integrate this TCAM architecture into the Linux
> kernel. Not sure on the outlook for the various conferences, but we
> could arrange some online session to discuss this.

Not sure I completely understand the difficulties you are facing, but it
sounds similar to a problem we had in mlxsw. You might want to look into
"chain templates" [1] in order to restrict the keys that can be used
simultaneously.

I don't mind participating in an online discussion if you think it can
help.

[1] https://github.com/Mellanox/mlxsw/wiki/ACLs#chain-templates

next prev parent reply	other threads:[~2020-04-19  8:30 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-17 19:03 [PATCH net-next] net: mscc: ocelot: deal with problematic MAC_ETYPE VCAP IS2 rules Vladimir Oltean
2020-04-18 22:54 ` David Miller
2020-04-19  7:33 ` Allan W. Nielsen
2020-04-19  8:30   ` Ido Schimmel [this message]
2020-04-19 12:47     ` Vladimir Oltean
2020-04-19 13:51       ` Ido Schimmel
2020-04-19 14:12         ` Vladimir Oltean
2020-04-20 10:06         ` Jiri Pirko
2020-04-19 18:16       ` Allan W. Nielsen
2020-04-19 18:01     ` Allan W. Nielsen
2020-04-19 14:20   ` Vladimir Oltean
2020-04-19 18:25     ` Allan W. Nielsen
2020-04-20  0:03       ` Vladimir Oltean
2020-04-20  7:12       ` Ido Schimmel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200419083032.GA3479405@splinter \
    --to=idosch@idosch.org \
    --cc=UNGLinuxDriver@microchip.com \
    --cc=alexandre.belloni@bootlin.com \
    --cc=alexandru.marginean@nxp.com \
    --cc=allan.nielsen@microchip.com \
    --cc=andrew@lunn.ch \
    --cc=antoine.tenart@bootlin.com \
    --cc=claudiu.manoil@nxp.com \
    --cc=davem@davemloft.net \
    --cc=f.fainelli@gmail.com \
    --cc=horatiu.vultur@microchip.com \
    --cc=jiri@mellanox.com \
    --cc=joergen.andreasen@microchip.com \
    --cc=kuba@kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=olteanv@gmail.com \
    --cc=po.liu@nxp.com \
    --cc=vivien.didelot@gmail.com \
    --cc=xiaoliang.yang_1@nxp.com \
    --cc=yangbo.lu@nxp.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.