| Message ID | 20241023135251.1752488-2-vladimir.oltean@nxp.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 2748697225c38a19666bba6a83afc6bf46ee16be |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | Mirroring to DSA CPU port | expand |
On Wed, Oct 23, 2024 at 04:52:46PM +0300, Vladimir Oltean wrote: > Background: switchdev ports offload the Linux bridge, and most of the > packets they handle will never see the CPU. The ports between which > there exists no hardware data path are considered 'foreign' to switchdev. > These can either be normal physical NICs without switchdev offload, or > incompatible switchdev ports, or virtual interfaces like veth/dummy/etc. > > In some cases, an offloaded filter can only do half the work, and the > rest must be handled by software. Redirecting/mirroring from the ingress > of a switchdev port towards a foreign interface is one example of > combined hardware/software data path. The most that the switchdev port > can do is to extract the matching packets from its offloaded data path > and send them to the CPU. From there on, the software filter runs > (a second time, after the first run in hardware) on the packet and > performs the mirred action. > > It makes sense for switchdev drivers which allow this kind of "half > offloading" to sense the "skip_sw" flag of the filter/action pair, and > deny attempts from the user to install a filter that does not run in > software, because that simply won't work. > > In fact, a mirred action on a switchdev port towards a dummy interface > appears to be a valid way of (selectively) monitoring offloaded traffic > that flows through it. IFF_PROMISC was also discussed years ago, but > (despite initial disagreement) there seems to be consensus that this > flag should not affect the destination taken by packets, but merely > whether or not the NIC discards packets with unknown MAC DA for local > processing. > > [1] https://lore.kernel.org/netdev/20190830092637.7f83d162@ceranb/ > [2] https://lore.kernel.org/netdev/20191002233750.13566-1-olteanv@gmail.com/ > Suggested-by: Ido Schimmel <idosch@nvidia.com> > Link: https://lore.kernel.org/netdev/ZxUo0Dc0M5Y6l9qF@shredder.mtl.com/ > Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com>
On Wed, 23 Oct 2024 16:52:46 +0300 Vladimir Oltean wrote: > The most that the switchdev port > can do is to extract the matching packets from its offloaded data path > and send them to the CPU. FTR devices implementing OVS offload can attach metadata to such packets, and then the driver does the redirect. The SW TC path is not engaged. IIRC OVS has a concept of internal ports which are "stack facing" ports in addition to the main bridge device. And in some offloaded configurations people want HW to redirect to those.
diff --git a/include/net/flow_offload.h b/include/net/flow_offload.h index 292cd8f4b762..596ab9791e4d 100644 --- a/include/net/flow_offload.h +++ b/include/net/flow_offload.h @@ -685,6 +685,7 @@ struct flow_cls_common_offload { u32 chain_index; __be16 protocol; u32 prio; + bool skip_sw; struct netlink_ext_ack *extack; }; diff --git a/include/net/pkt_cls.h b/include/net/pkt_cls.h index 4880b3a7aced..cf199af85c52 100644 --- a/include/net/pkt_cls.h +++ b/include/net/pkt_cls.h @@ -755,6 +755,7 @@ tc_cls_common_offload_init(struct flow_cls_common_offload *cls_common, cls_common->chain_index = tp->chain->index; cls_common->protocol = tp->protocol; cls_common->prio = tp->prio >> 16; + cls_common->skip_sw = tc_skip_sw(flags); if (tc_skip_sw(flags) || flags & TCA_CLS_FLAGS_VERBOSE) cls_common->extack = extack; }
Background: switchdev ports offload the Linux bridge, and most of the packets they handle will never see the CPU. The ports between which there exists no hardware data path are considered 'foreign' to switchdev. These can either be normal physical NICs without switchdev offload, or incompatible switchdev ports, or virtual interfaces like veth/dummy/etc. In some cases, an offloaded filter can only do half the work, and the rest must be handled by software. Redirecting/mirroring from the ingress of a switchdev port towards a foreign interface is one example of combined hardware/software data path. The most that the switchdev port can do is to extract the matching packets from its offloaded data path and send them to the CPU. From there on, the software filter runs (a second time, after the first run in hardware) on the packet and performs the mirred action. It makes sense for switchdev drivers which allow this kind of "half offloading" to sense the "skip_sw" flag of the filter/action pair, and deny attempts from the user to install a filter that does not run in software, because that simply won't work. In fact, a mirred action on a switchdev port towards a dummy interface appears to be a valid way of (selectively) monitoring offloaded traffic that flows through it. IFF_PROMISC was also discussed years ago, but (despite initial disagreement) there seems to be consensus that this flag should not affect the destination taken by packets, but merely whether or not the NIC discards packets with unknown MAC DA for local processing. [1] https://lore.kernel.org/netdev/20190830092637.7f83d162@ceranb/ [2] https://lore.kernel.org/netdev/20191002233750.13566-1-olteanv@gmail.com/ Suggested-by: Ido Schimmel <idosch@nvidia.com> Link: https://lore.kernel.org/netdev/ZxUo0Dc0M5Y6l9qF@shredder.mtl.com/ Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> --- v2->v3: move skip_sw from struct flow_cls_offload and struct tc_cls_matchall_offload to struct flow_cls_common_offload. v1->v2: rewrite commit message include/net/flow_offload.h | 1 + include/net/pkt_cls.h | 1 + 2 files changed, 2 insertions(+)