Re: [Intel-wired-lan] [PATCH iwl-next v9 00/15] Introduce the Parser Library

From: Jakub Kicinski <kuba@kernel.org>
To: Junfeng Guo <junfeng.guo@intel.com>
Cc: ivecera@redhat.com, netdev@vger.kernel.org,
	jesse.brandeburg@intel.com, edumazet@google.com,
	anthony.l.nguyen@intel.com, horms@kernel.org,
	qi.z.zhang@intel.com, intel-wired-lan@lists.osuosl.org,
	pabeni@redhat.com, davem@davemloft.net
Subject: Re: [Intel-wired-lan] [PATCH iwl-next v9 00/15] Introduce the Parser Library
Date: Tue, 5 Sep 2023 15:37:34 -0700	[thread overview]
Message-ID: <20230905153734.18b9bc84@kernel.org> (raw)
In-Reply-To: <20230904021455.3944605-1-junfeng.guo@intel.com>

On Mon,  4 Sep 2023 10:14:40 +0800 Junfeng Guo wrote:
> Current software architecture for flow filtering offloading limited
> the capability of Intel Ethernet 800 Series Dynamic Device
> Personalization (DDP) Package. The flow filtering offloading in the
> driver is enabled based on the naming parsers, each flow pattern is
> represented by a protocol header stack. And there are multiple layers
> (e.g., virtchnl) to maintain their own enum/macro/structure
> to represent a protocol header (IP, TCP, UDP ...), thus the extra
> parsers to verify if a pattern is supported by hardware or not as
> well as the extra converters that to translate represents between
> different layers. Every time a new protocol/field is requested to be
> supported, the corresponding logic for the parsers and the converters
> needs to be modified accordingly. Thus, huge & redundant efforts are
> required to support the increasing flow filtering offloading features,
> especially for the tunnel types flow filtering.

Are you talking about problems internal to ICE or the flower interface?

> This patch set provides a way for applications to send down training
> packets & masks (in binary) to the driver. Then these binary data
> would be used by the driver to generate certain data that are needed
> to create a filter rule in the filtering stage of switch/RSS/FDIR.

What's the API for the user? I see a whole bunch of functions added here
which never get called.

> Note that the impact of a malicious rule in the raw packet filter is
> limited to performance rather than functionality. It may affect the
> performance of the workload, similar to other limitations in FDIR/RSS
> on AVF. For example, there is no resource boundary for VF FDIR/RSS
> rules, so one malicious VF could potentially make other VFs
> inefficient in offloading.
> 
> The parser library is expected to include boundary checks to prevent
> critical errors such as infinite loops or segmentation faults.
> However, only implementing and validating the parser emulator in a
> sandbox environment (like ebpf) presents a challenge.
> 
> The idea is to make the driver be able to learn from the DDP package
> directly to understand how the hardware parser works (i.e., the
> Parser Library), so that it can process on the raw training packet
> (in binary) directly and create the filter rule accordingly.

No idea what this means in terms of the larger networking stack.

> Based on this Parser Library, the raw flow filtering of
> switch/RSS/FDIR could be enabled to allow new flow filtering
> offloading features to be supported without any driver changes (only
> need to update the DDP package).

Sounds like you are talking about some vague "vision" rather than 
the code you're actually posting.

Given that you've posted 5 versions of this to netdev and got no
notable comments, please don't CC netdev on the next version
until you get some reviews inside Intel. Stuff like:

+#define ICE_ERR_NOT_IMPL		-1

should get caught by internal review.
_______________________________________________
Intel-wired-lan mailing list
Intel-wired-lan@osuosl.org
https://lists.osuosl.org/mailman/listinfo/intel-wired-lan