Thread: 7 messages, 3 authors, 2020-02-24

Re: [PATCH net-next v3 1/2] net: mscc: ocelot: Add support for tcam

From: Vladimir Oltean <olteanv@gmail.com>
Date: 2020-02-24 11:32:28
Also in: linux-mips, lkml, netdev

Hi Horatiu,

On Mon, 24 Feb 2020 at 13:03, Horatiu Vultur
[off-list ref] wrote:
Hi Vladimir,

The 02/24/2020 12:38, Vladimir Oltean wrote:

Hi Horatiu,

On Fri, 31 May 2019 at 10:18, Horatiu Vultur
[off-list ref] wrote:
Add ACL support using the TCAM. Using ACL it is possible to create rules
in hardware to filter/redirect frames.

Signed-off-by: Horatiu Vultur <horatiu.vultur@microchip.com>
---
 arch/mips/boot/dts/mscc/ocelot.dtsi      |   5 +-
 drivers/net/ethernet/mscc/Makefile       |   2 +-
 drivers/net/ethernet/mscc/ocelot.c       |  13 +
 drivers/net/ethernet/mscc/ocelot.h       |   8 +
 drivers/net/ethernet/mscc/ocelot_ace.c   | 777 +++++++++++++++++++++++++++++++
 drivers/net/ethernet/mscc/ocelot_ace.h   | 227 +++++++++
 drivers/net/ethernet/mscc/ocelot_board.c |   1 +
 drivers/net/ethernet/mscc/ocelot_regs.c  |  11 +
 drivers/net/ethernet/mscc/ocelot_s2.h    |  64 +++
 drivers/net/ethernet/mscc/ocelot_vcap.h  | 403 ++++++++++++++++
 10 files changed, 1508 insertions(+), 3 deletions(-)
 create mode 100644 drivers/net/ethernet/mscc/ocelot_ace.c
 create mode 100644 drivers/net/ethernet/mscc/ocelot_ace.h
 create mode 100644 drivers/net/ethernet/mscc/ocelot_s2.h
 create mode 100644 drivers/net/ethernet/mscc/ocelot_vcap.h
I was testing this functionality and it looks like the MAC_ETYPE keys
(src_mac, dst_mac) only match non-IP frames.
Example, this rule doesn't drop ping traffic:

tc qdisc add dev swp0 clsact
tc filter add dev swp0 ingress flower skip_sw dst_mac 96:e1:ef:64:1b:44 action drop

Would it be possible to do anything about that?
What you could do is to configure each port in such a way as to treat IP
frames as MAC_ETYPE frames. Have a look in ANA:PORT[0-11]:VCAP_S2_CFG.

There might be a problem with this approach. If you configure the port
in such a way, then all your rules with the keys IP6, IP4 will not be
matched on that port.
Thanks for the quick answer.
Doing that is indeed problematic and would not be my first choice. I
was expecting MAC_ETYPE rules to always match an Ethernet frame
regardless of higher-level protocols, and that the user would decide
the behavior via rule ordering.
Thanks,
-Vladimir
--
/Horatiu
-Vladimir
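
Added example, not part of the original message and not ocelot driver code: a small software model of the key-type behaviour discussed in this thread, showing why the dst_mac rule misses ping traffic and what the per-port override trades away. All names are hypothetical, the single boolean standing in for the VCAP_S2_CFG setting is an assumption, and only the three key types named in the thread are modelled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Key types named in the thread; a rule only sees frames keyed the same way. */
enum key_type { KEY_MAC_ETYPE, KEY_IP4, KEY_IP6 };
enum verdict { PASS, DROP };
struct frame { uint8_t dst_mac[6]; uint16_t ethertype; };
struct rule { enum key_type type; bool use_mac; uint8_t dst_mac[6]; enum verdict action; };

/* Assumption: one per-port flag models the VCAP_S2_CFG override. */
static enum key_type classify(const struct frame *f, bool ip_as_mac_etype)
{
    if (!ip_as_mac_etype && f->ethertype == 0x0800)
        return KEY_IP4;
    if (!ip_as_mac_etype && f->ethertype == 0x86dd)
        return KEY_IP6;
    return KEY_MAC_ETYPE;
}

/* First matching entry wins; in this model an unmatched frame passes. */
static enum verdict lookup(const struct rule *r, size_t n,
                           const struct frame *f, bool ip_as_mac_etype)
{
    enum key_type kt = classify(f, ip_as_mac_etype);
    for (size_t i = 0; i < n; i++) {
        if (r[i].type != kt)
            continue;   /* rule written for a different key type */
        if (r[i].use_mac && memcmp(r[i].dst_mac, f->dst_mac, 6) != 0)
            continue;
        return r[i].action;
    }
    return PASS;
}

/* Constructed sample data; the MAC is the one in the tc rule above. */
#define MAC { 0x96, 0xe1, 0xef, 0x64, 0x1b, 0x44 }
static const struct rule mac_drop = { KEY_MAC_ETYPE, true, MAC, DROP };
static const struct rule ip4_drop = { KEY_IP4, false, { 0 }, DROP };
static const struct frame ping = { MAC, 0x0800 };    /* IPv4 frame */
static const struct frame other = { MAC, 0x88b5 };   /* non-IP frame */

int main(void)
{
    printf("mac rule, ping, default:   %d\n", lookup(&mac_drop, 1, &ping, false));
    printf("mac rule, non-IP, default: %d\n", lookup(&mac_drop, 1, &other, false));
    printf("mac rule, ping, override:  %d\n", lookup(&mac_drop, 1, &ping, true));
    printf("ip4 rule, ping, override:  %d\n", lookup(&ip4_drop, 1, &ping, true));
    return 0;
}
```

In the output, 0 is PASS and 1 is DROP. With the override set, the MAC rule starts dropping the ping, while a drop rule keyed on IP4 on the same port silently stops matching.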