From: Ido Schimmel <idosch@idosch.org>
To: dsatish <satish.d@oneconvergence.com>
Cc: davem@davemloft.net, jhs@mojatatu.com, xiyou.wangcong@gmail.com,
jiri@resnulli.us, kuba@kernel.org, netdev@vger.kernel.org,
simon.horman@netronome.com, kesavac@gmail.com,
prathibha.nagooru@oneconvergence.com,
intiyaz.basha@oneconvergence.com, jai.rana@oneconvergence.com
Subject: Re: [PATCH net-next 2/3] cls_flower: Pass the unmasked key to hw
Date: Fri, 19 Jun 2020 16:14:17 +0300 [thread overview]
Message-ID: <20200619131417.GA400561@splinter> (raw)
In-Reply-To: <20200619094156.31184-3-satish.d@oneconvergence.com>
On Fri, Jun 19, 2020 at 03:11:55PM +0530, dsatish wrote:
> Pass the unmasked key along with the masked key to the hardware.
> This enables hardware to manage its own tables better based on the
> hardware features/capabilities.
How? Which hardware? You did not patch a single driver...
Are you familiar with chain templates? I think it might help:
https://github.com/Mellanox/mlxsw/wiki/ACLs#chain-templates
>
> Signed-off-by: Chandra Kesava <kesavac@gmail.com>
> Signed-off-by: Prathibha Nagooru <prathibha.nagooru@oneconvergence.com>
> Signed-off-by: Satish Dhote <satish.d@oneconvergence.com>
> ---
> include/net/flow_offload.h | 45 ++++++++++
> net/core/flow_offload.c | 171 +++++++++++++++++++++++++++++++++++++
> net/sched/cls_flower.c | 43 ++++++++++
> 3 files changed, 259 insertions(+)
>
> diff --git a/include/net/flow_offload.h b/include/net/flow_offload.h
> index f2c8311a0433..26c6bd6bdb98 100644
> --- a/include/net/flow_offload.h
> +++ b/include/net/flow_offload.h
> @@ -11,6 +11,8 @@ struct flow_match {
> struct flow_dissector *dissector;
> void *mask;
> void *key;
> + void *unmasked_key;
> + struct flow_dissector *unmasked_key_dissector;
> };
>
> struct flow_match_meta {
> @@ -118,6 +120,49 @@ void flow_rule_match_enc_opts(const struct flow_rule *rule,
> void flow_rule_match_ct(const struct flow_rule *rule,
> struct flow_match_ct *out);
>
> +void flow_rule_match_unmasked_key_meta(const struct flow_rule *rule,
> + struct flow_match_meta *out);
> +void flow_rule_match_unmasked_key_basic(const struct flow_rule *rule,
> + struct flow_match_basic *out);
> +void flow_rule_match_unmasked_key_control(const struct flow_rule *rule,
> + struct flow_match_control *out);
> +void flow_rule_match_unmasked_key_eth_addrs(const struct flow_rule *rule,
> + struct flow_match_eth_addrs *out);
> +void flow_rule_match_unmasked_key_vlan(const struct flow_rule *rule,
> + struct flow_match_vlan *out);
> +void flow_rule_match_unmasked_key_cvlan(const struct flow_rule *rule,
> + struct flow_match_vlan *out);
> +void flow_rule_match_unmasked_key_ipv4_addrs(const struct flow_rule *rule,
> + struct flow_match_ipv4_addrs *out);
> +void flow_rule_match_unmasked_key_ipv6_addrs(const struct flow_rule *rule,
> + struct flow_match_ipv6_addrs *out);
> +void flow_rule_match_unmasked_key_ip(const struct flow_rule *rule,
> + struct flow_match_ip *out);
> +void flow_rule_match_unmasked_key_ports(const struct flow_rule *rule,
> + struct flow_match_ports *out);
> +void flow_rule_match_unmasked_key_tcp(const struct flow_rule *rule,
> + struct flow_match_tcp *out);
> +void flow_rule_match_unmasked_key_icmp(const struct flow_rule *rule,
> + struct flow_match_icmp *out);
> +void flow_rule_match_unmasked_key_mpls(const struct flow_rule *rule,
> + struct flow_match_mpls *out);
> +void flow_rule_match_unmasked_key_enc_control(const struct flow_rule *rule,
> + struct flow_match_control *out);
> +void flow_rule_match_unmasked_key_enc_ipv4_addrs(const struct flow_rule *rule,
> + struct flow_match_ipv4_addrs *out);
> +void flow_rule_match_unmasked_key_enc_ipv6_addrs(const struct flow_rule *rule,
> + struct flow_match_ipv6_addrs *out);
> +void flow_rule_match_unmasked_key_enc_ip(const struct flow_rule *rule,
> + struct flow_match_ip *out);
> +void flow_rule_match_unmasked_key_enc_ports(const struct flow_rule *rule,
> + struct flow_match_ports *out);
> +void flow_rule_match_unmasked_key_enc_keyid(const struct flow_rule *rule,
> + struct flow_match_enc_keyid *out);
> +void flow_rule_match_unmasked_key_enc_opts(const struct flow_rule *rule,
> + struct flow_match_enc_opts *out);
> +void flow_rule_match_unmasked_key_ct(const struct flow_rule *rule,
> + struct flow_match_ct *out);
> +
> enum flow_action_id {
> FLOW_ACTION_ACCEPT = 0,
> FLOW_ACTION_DROP,
> diff --git a/net/core/flow_offload.c b/net/core/flow_offload.c
> index 0cfc35e6be28..a98c31e864b1 100644
> --- a/net/core/flow_offload.c
> +++ b/net/core/flow_offload.c
> @@ -173,6 +173,177 @@ void flow_rule_match_enc_opts(const struct flow_rule *rule,
> }
> EXPORT_SYMBOL(flow_rule_match_enc_opts);
>
> +#define FLOW_UNMASKED_KEY_DISSECTOR_MATCH(__rule, __type, __out) \
> + const struct flow_match *__m = &(__rule)->match; \
> + struct flow_dissector *__d = (__m)->unmasked_key_dissector; \
> + \
> + (__out)->key = skb_flow_dissector_target(__d, __type, \
> + (__m)->unmasked_key); \
> + (__out)->mask = skb_flow_dissector_target(__d, __type, \
> + (__m)->mask) \
> +
> +void flow_rule_match_unmasked_key_meta(const struct flow_rule *rule,
> + struct flow_match_meta *out)
> +{
> + FLOW_UNMASKED_KEY_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_META, out);
> +}
> +EXPORT_SYMBOL(flow_rule_match_unmasked_key_meta);
> +
> +void
> +flow_rule_match_unmasked_key_basic(const struct flow_rule *rule,
> + struct flow_match_basic *out)
> +{
> + FLOW_UNMASKED_KEY_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_BASIC, out);
> +}
> +EXPORT_SYMBOL(flow_rule_match_unmasked_key_basic);
> +
> +void flow_rule_match_unmasked_key_control(const struct flow_rule *rule,
> + struct flow_match_control *out)
> +{
> + FLOW_UNMASKED_KEY_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_CONTROL,
> + out);
> +}
> +EXPORT_SYMBOL(flow_rule_match_unmasked_key_control);
> +
> +void flow_rule_match_unmasked_key_eth_addrs(const struct flow_rule *rule,
> + struct flow_match_eth_addrs *out)
> +{
> + FLOW_UNMASKED_KEY_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ETH_ADDRS,
> + out);
> +}
> +EXPORT_SYMBOL(flow_rule_match_unmasked_key_eth_addrs);
> +
> +void flow_rule_match_unmasked_key_vlan(const struct flow_rule *rule,
> + struct flow_match_vlan *out)
> +{
> + FLOW_UNMASKED_KEY_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_VLAN, out);
> +}
> +EXPORT_SYMBOL(flow_rule_match_unmasked_key_vlan);
> +
> +void flow_rule_match_unmasked_key_cvlan(const struct flow_rule *rule,
> + struct flow_match_vlan *out)
> +{
> + FLOW_UNMASKED_KEY_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_CVLAN, out);
> +}
> +EXPORT_SYMBOL(flow_rule_match_unmasked_key_cvlan);
> +
> +void flow_rule_match_unmasked_key_ipv4_addrs(const struct flow_rule *rule,
> + struct flow_match_ipv4_addrs *out)
> +{
> + FLOW_UNMASKED_KEY_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_IPV4_ADDRS,
> + out);
> +}
> +EXPORT_SYMBOL(flow_rule_match_unmasked_key_ipv4_addrs);
> +
> +void flow_rule_match_unmasked_key_ipv6_addrs(const struct flow_rule *rule,
> + struct flow_match_ipv6_addrs *out)
> +{
> + FLOW_UNMASKED_KEY_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_IPV6_ADDRS,
> + out);
> +}
> +EXPORT_SYMBOL(flow_rule_match_unmasked_key_ipv6_addrs);
> +
> +void flow_rule_match_unmasked_key_ip(const struct flow_rule *rule,
> + struct flow_match_ip *out)
> +{
> + FLOW_UNMASKED_KEY_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_IP, out);
> +}
> +EXPORT_SYMBOL(flow_rule_match_unmasked_key_ip);
> +
> +void flow_rule_match_unmasked_key_ports(const struct flow_rule *rule,
> + struct flow_match_ports *out)
> +{
> + FLOW_UNMASKED_KEY_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_PORTS, out);
> +}
> +EXPORT_SYMBOL(flow_rule_match_unmasked_key_ports);
> +
> +void flow_rule_match_unmasked_key_tcp(const struct flow_rule *rule,
> + struct flow_match_tcp *out)
> +{
> + FLOW_UNMASKED_KEY_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_TCP, out);
> +}
> +EXPORT_SYMBOL(flow_rule_match_unmasked_key_tcp);
> +
> +void flow_rule_match_unmasked_key_icmp(const struct flow_rule *rule,
> + struct flow_match_icmp *out)
> +{
> + FLOW_UNMASKED_KEY_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ICMP, out);
> +}
> +EXPORT_SYMBOL(flow_rule_match_unmasked_key_icmp);
> +
> +void flow_rule_match_unmasked_key_mpls(const struct flow_rule *rule,
> + struct flow_match_mpls *out)
> +{
> + FLOW_UNMASKED_KEY_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_MPLS, out);
> +}
> +EXPORT_SYMBOL(flow_rule_match_unmasked_key_mpls);
> +
> +void flow_rule_match_unmasked_key_enc_control(const struct flow_rule *rule,
> + struct flow_match_control *out)
> +{
> + FLOW_UNMASKED_KEY_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ENC_CONTROL,
> + out);
> +}
> +EXPORT_SYMBOL(flow_rule_match_unmasked_key_enc_control);
> +
> +void
> +flow_rule_match_unmasked_key_enc_ipv4_addrs(const struct flow_rule *rule,
> + struct flow_match_ipv4_addrs *out)
> +{
> + FLOW_UNMASKED_KEY_DISSECTOR_MATCH(rule,
> + FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS,
> + out);
> +}
> +EXPORT_SYMBOL(flow_rule_match_unmasked_key_enc_ipv4_addrs);
> +
> +void
> +flow_rule_match_unmasked_key_enc_ipv6_addrs(const struct flow_rule *rule,
> + struct flow_match_ipv6_addrs *out)
> +{
> + FLOW_UNMASKED_KEY_DISSECTOR_MATCH(rule,
> + FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS,
> + out);
> +}
> +EXPORT_SYMBOL(flow_rule_match_unmasked_key_enc_ipv6_addrs);
> +
> +void flow_rule_match_unmasked_key_enc_ip(const struct flow_rule *rule,
> + struct flow_match_ip *out)
> +{
> + FLOW_UNMASKED_KEY_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ENC_IP, out);
> +}
> +EXPORT_SYMBOL(flow_rule_match_unmasked_key_enc_ip);
> +
> +void flow_rule_match_unmasked_key_enc_ports(const struct flow_rule *rule,
> + struct flow_match_ports *out)
> +{
> + FLOW_UNMASKED_KEY_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ENC_PORTS,
> + out);
> +}
> +EXPORT_SYMBOL(flow_rule_match_unmasked_key_enc_ports);
> +
> +void flow_rule_match_unmasked_key_enc_keyid(const struct flow_rule *rule,
> + struct flow_match_enc_keyid *out)
> +{
> + FLOW_UNMASKED_KEY_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ENC_KEYID,
> + out);
> +}
> +EXPORT_SYMBOL(flow_rule_match_unmasked_key_enc_keyid);
> +
> +void flow_rule_match_unmasked_key_enc_opts(const struct flow_rule *rule,
> + struct flow_match_enc_opts *out)
> +{
> + FLOW_UNMASKED_KEY_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ENC_OPTS,
> + out);
> +}
> +EXPORT_SYMBOL(flow_rule_match_unmasked_key_enc_opts);
> +
> +void flow_rule_match_unmasked_key_ct(const struct flow_rule *rule,
> + struct flow_match_ct *out)
> +{
> + FLOW_UNMASKED_KEY_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_CT, out);
> +}
> +EXPORT_SYMBOL(flow_rule_match_unmasked_key_ct);
> +
> struct flow_action_cookie *flow_action_cookie_create(void *data,
> unsigned int len,
> gfp_t gfp)
> diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
> index 64b70d396397..f1a5352cbb04 100644
> --- a/net/sched/cls_flower.c
> +++ b/net/sched/cls_flower.c
> @@ -121,6 +121,7 @@ struct cls_fl_filter {
> */
> refcount_t refcnt;
> bool deleted;
> + struct flow_dissector unmasked_key_dissector;
> };
>
> static const struct rhashtable_params mask_ht_params = {
> @@ -449,6 +450,13 @@ static int fl_hw_replace_filter(struct tcf_proto *tp,
> cls_flower.rule->match.key = &f->mkey;
> cls_flower.classid = f->res.classid;
>
> + /* Pass unmasked key and corresponding dissector also to the driver,
> + * hardware may optimize its flow table based on its capabilities.
> + */
> + cls_flower.rule->match.unmasked_key = &f->key;
> + cls_flower.rule->match.unmasked_key_dissector =
> + &f->unmasked_key_dissector;
> +
> err = tc_setup_flow_action(&cls_flower.rule->action, &f->exts);
> if (err) {
> kfree(cls_flower.rule);
> @@ -1753,6 +1761,39 @@ static void fl_init_dissector(struct flow_dissector *dissector,
> skb_flow_dissector_init(dissector, keys, cnt);
> }
>
> +/* Initialize dissector for unmasked key. */
> +static void fl_init_unmasked_key_dissector(struct flow_dissector *dissector)
> +{
> + struct flow_dissector_key keys[FLOW_DISSECTOR_KEY_MAX];
> + size_t cnt = 0;
> +
> + FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_META, meta);
> + FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_CONTROL, control);
> + FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_BASIC, basic);
> + FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ETH_ADDRS, eth);
> + FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_IPV4_ADDRS, ipv4);
> + FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_IPV6_ADDRS, ipv6);
> + FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_PORTS, tp);
> + FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_PORTS_RANGE, tp_range);
> + FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_IP, ip);
> + FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_TCP, tcp);
> + FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ICMP, icmp);
> + FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ARP, arp);
> + FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_MPLS, mpls);
> + FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_VLAN, vlan);
> + FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_CVLAN, cvlan);
> + FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ENC_KEYID, enc_key_id);
> + FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, enc_ipv4);
> + FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, enc_ipv6);
> + FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ENC_CONTROL, enc_control);
> + FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ENC_PORTS, enc_tp);
> + FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ENC_IP, enc_ip);
> + FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ENC_OPTS, enc_opts);
> + FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_CT, ct);
> +
> + skb_flow_dissector_init(dissector, keys, cnt);
> +}
> +
> static struct fl_flow_mask *fl_create_new_mask(struct cls_fl_head *head,
> struct fl_flow_mask *mask)
> {
> @@ -1980,6 +2021,8 @@ static int fl_change(struct net *net, struct sk_buff *in_skb,
> if (err)
> goto errout;
>
> + fl_init_unmasked_key_dissector(&fnew->unmasked_key_dissector);
> +
> err = fl_ht_insert_unique(fnew, fold, &in_ht);
> if (err)
> goto errout_mask;
> --
> 2.17.1
>
next prev parent reply other threads:[~2020-06-19 13:14 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-19 9:41 [PATCH net-next 0/3] cls_flower: Offload unmasked key dsatish
2020-06-19 9:41 ` [PATCH net-next 1/3] cls_flower: Set addr_type when ip mask is non-zero dsatish
2020-06-19 9:41 ` [PATCH net-next 2/3] cls_flower: Pass the unmasked key to hw dsatish
2020-06-19 13:14 ` Ido Schimmel [this message]
2020-06-19 14:00 ` Jiri Pirko
2020-06-19 9:41 ` [PATCH net-next 3/3] cls_flower: Allow flow offloading though masked key exist dsatish
2020-06-19 13:35 ` Ido Schimmel
2020-06-19 14:01 ` Jiri Pirko
2020-06-19 16:15 ` Vlad Buslov
2020-06-19 20:12 ` [PATCH net-next 0/3] cls_flower: Offload unmasked key David Miller
2020-06-30 3:09 ` Satish
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200619131417.GA400561@splinter \
--to=idosch@idosch.org \
--cc=davem@davemloft.net \
--cc=intiyaz.basha@oneconvergence.com \
--cc=jai.rana@oneconvergence.com \
--cc=jhs@mojatatu.com \
--cc=jiri@resnulli.us \
--cc=kesavac@gmail.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=prathibha.nagooru@oneconvergence.com \
--cc=satish.d@oneconvergence.com \
--cc=simon.horman@netronome.com \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.