From: Paolo Abeni <pabeni@redhat.com>
To: Or Gerlitz <gerlitz.or@gmail.com>, Jiri Benc <jbenc@redhat.com>
Cc: Simon Horman <simon.horman@netronome.com>,
David Miller <davem@davemloft.net>,
Jakub Kicinski <jakub.kicinski@netronome.com>,
Linux Netdev List <netdev@vger.kernel.org>,
oss-drivers@netronome.com,
John Hurley <john.hurley@netronome.com>,
Paul Blakey <paulb@mellanox.com>, Jiri Pirko <jiri@mellanox.com>,
Roi Dayan <roid@mellanox.com>
Subject: Re: [PATCH net-next 0/7] nfp: flower vxlan tunnel offload
Date: Tue, 26 Sep 2017 16:50:10 +0200 [thread overview]
Message-ID: <1506437410.2643.17.camel@redhat.com> (raw)
In-Reply-To: <CAJ3xEMjOkF7vKHY=+q1dHXGdsyEXFPUa6dsGD_-M3+TX=DNouA@mail.gmail.com>
On Tue, 2017-09-26 at 17:17 +0300, Or Gerlitz wrote:
> On Tue, Sep 26, 2017 at 3:51 PM, Jiri Benc <jbenc@redhat.com> wrote:
> > On Tue, 26 Sep 2017 15:41:37 +0300, Or Gerlitz wrote:
> > > Please note that the way the rule is being set to the HW driver is by delegation
> > > done in flower, see these commits (specifically "Add offload support
> > > using egress Hardware device")
> >
> > It's very well possible the bug is somewhere in net/sched.
>
> maybe before/instead you call it a bug, take a look on the design
> there and maybe
> tell us how to possibly do that otherwise?
The problem, AFAICT, is in the API between flower and NIC implementing
the offload, because in the above example the kernel will call the
offload hook with exactly the same arguments with the 'bad' rule and
the 'good' one - but the 'bad' rule should never match any packets.
I think that can be fixed changing the flower code to invoke the
offload hook for filters with tunnel-based match only if the device
specified in such match has the appropriate type, e.g. given that
currently only vxlan is supported with something like the code below
(very rough and untested, just to give the idea):
Cheers,
Paolo
---
diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
index d230cb4c8094..ff8476e56d4e 100644
--- a/net/sched/cls_flower.c
+++ b/net/sched/cls_flower.c
@@ -243,10 +243,11 @@ static int fl_hw_replace_filter(struct tcf_proto *tp,
struct fl_flow_key *mask,
struct cls_fl_filter *f)
{
- struct net_device *dev = tp->q->dev_queue->dev;
+ struct net_device *ingress_dev, *dev = tp->q->dev_queue->dev;
struct tc_cls_flower_offload cls_flower = {};
int err;
+ ingress_dev = dev;
if (!tc_can_offload(dev)) {
if (tcf_exts_get_dev(dev, &f->exts, &f->hw_dev) ||
(f->hw_dev && !tc_can_offload(f->hw_dev))) {
@@ -259,6 +260,12 @@ static int fl_hw_replace_filter(struct tcf_proto *tp,
f->hw_dev = dev;
}
+ if ((dissector_uses_key(f->dissector, FLOW_DISSECTOR_KEY_ENC_KEYID) ||
+ dissector_uses_key(f->dissector, FLOW_DISSECTOR_KEY_ENC_PORTS) ||
+ // ... list all the others tunnel based keys ...
+ ) && strcmp(ingress_dev->rtnl_link_ops->kind, "vxlan"))
+ return tc_skip_sw(f->flags) ? -EINVAL : 0;
+
next prev parent reply other threads:[~2017-09-26 14:50 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-25 10:23 [PATCH net-next 0/7] nfp: flower vxlan tunnel offload Simon Horman
2017-09-25 10:23 ` [PATCH net-next 1/7] nfp: add helper to get flower cmsg length Simon Horman
2017-09-25 10:23 ` [PATCH net-next 2/7] nfp: compile flower vxlan tunnel metadata match fields Simon Horman
2017-09-25 18:35 ` Or Gerlitz
2017-09-26 13:58 ` John Hurley
2017-09-26 14:12 ` Or Gerlitz
2017-09-26 15:11 ` John Hurley
2017-09-26 15:33 ` Or Gerlitz
2017-09-26 15:39 ` John Hurley
2017-09-25 10:23 ` [PATCH net-next 3/7] nfp: compile flower vxlan tunnel set actions Simon Horman
2017-09-25 10:23 ` [PATCH net-next 4/7] nfp: offload flower vxlan endpoint MAC addresses Simon Horman
2017-09-25 10:23 ` [PATCH net-next 5/7] nfp: offload vxlan IPv4 endpoints of flower rules Simon Horman
2017-09-25 10:23 ` [PATCH net-next 6/7] nfp: flower vxlan neighbour offload Simon Horman
2017-09-25 10:23 ` [PATCH net-next 7/7] nfp: flower vxlan neighbour keep-alive Simon Horman
2017-09-25 18:32 ` Or Gerlitz
[not found] ` <CAK+XE=mVKbAqYwSYvLb0y48O9D-Oq+B_bks7c9iwjsm0j7oYvw@mail.gmail.com>
2017-09-26 9:37 ` John Hurley
2017-09-26 12:44 ` Or Gerlitz
2017-09-25 11:00 ` [PATCH net-next 0/7] nfp: flower vxlan tunnel offload Jakub Kicinski
2017-09-25 15:25 ` Or Gerlitz
2017-09-25 17:04 ` Simon Horman
2017-09-26 10:15 ` Jiri Benc
2017-09-26 12:41 ` Or Gerlitz
2017-09-26 12:51 ` Jiri Benc
2017-09-26 14:17 ` Or Gerlitz
2017-09-26 14:31 ` Jiri Benc
2017-09-26 14:50 ` Paolo Abeni [this message]
2017-09-27 7:40 ` Jiri Pirko
2017-09-27 4:29 ` David Miller
2017-09-27 7:27 ` Simon Horman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1506437410.2643.17.camel@redhat.com \
--to=pabeni@redhat.com \
--cc=davem@davemloft.net \
--cc=gerlitz.or@gmail.com \
--cc=jakub.kicinski@netronome.com \
--cc=jbenc@redhat.com \
--cc=jiri@mellanox.com \
--cc=john.hurley@netronome.com \
--cc=netdev@vger.kernel.org \
--cc=oss-drivers@netronome.com \
--cc=paulb@mellanox.com \
--cc=roid@mellanox.com \
--cc=simon.horman@netronome.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).