Re: [PATCH net-next v3 1/2] net: mscc: ocelot: Add support for tcam

From: Vladimir Oltean
Date: Mon Feb 24 2020 - 06:32:27 EST


Hi Horatiu,

On Mon, 24 Feb 2020 at 13:03, Horatiu Vultur
<horatiu.vultur@xxxxxxxxxxxxx> wrote:
>
> Hi Vladimir,
>
> The 02/24/2020 12:38, Vladimir Oltean wrote:
> >
> > Hi Horatiu,
> >
> > On Fri, 31 May 2019 at 10:18, Horatiu Vultur
> > <horatiu.vultur@xxxxxxxxxxxxx> wrote:
> > >
> > > Add ACL support using the TCAM. Using ACL it is possible to create rules
> > > in hardware to filter/redirect frames.
> > >
> > > Signed-off-by: Horatiu Vultur <horatiu.vultur@xxxxxxxxxxxxx>
> > > ---
> > > arch/mips/boot/dts/mscc/ocelot.dtsi | 5 +-
> > > drivers/net/ethernet/mscc/Makefile | 2 +-
> > > drivers/net/ethernet/mscc/ocelot.c | 13 +
> > > drivers/net/ethernet/mscc/ocelot.h | 8 +
> > > drivers/net/ethernet/mscc/ocelot_ace.c | 777 +++++++++++++++++++++++++++++++
> > > drivers/net/ethernet/mscc/ocelot_ace.h | 227 +++++++++
> > > drivers/net/ethernet/mscc/ocelot_board.c | 1 +
> > > drivers/net/ethernet/mscc/ocelot_regs.c | 11 +
> > > drivers/net/ethernet/mscc/ocelot_s2.h | 64 +++
> > > drivers/net/ethernet/mscc/ocelot_vcap.h | 403 ++++++++++++++++
> > > 10 files changed, 1508 insertions(+), 3 deletions(-)
> > > create mode 100644 drivers/net/ethernet/mscc/ocelot_ace.c
> > > create mode 100644 drivers/net/ethernet/mscc/ocelot_ace.h
> > > create mode 100644 drivers/net/ethernet/mscc/ocelot_s2.h
> > > create mode 100644 drivers/net/ethernet/mscc/ocelot_vcap.h
> > >
> >
> > I was testing this functionality and it looks like the MAC_ETYPE keys
> > (src_mac, dst_mac) only match non-IP frames.
> > Example, this rule doesn't drop ping traffic:
> >
> > tc qdisc add dev swp0 clsact
> > tc filter add dev swp0 ingress flower skip_sw dst_mac 96:e1:ef:64:1b:44 action drop
> >
> > Would it be possible to do anything about that?
>
> What you could do is to configure each port in such a way as to treat IP
> frames as MAC_ETYPE frames. Have a look in ANA:PORT[0-11]:VCAP_S2_CFG.
>
> There might be a problem with this approach. If you configure the port
> in such a way, then all your rules with the keys IP6, IP4 will not be
> matched on that port.
>

Thanks for the quick answer.
Doing that is indeed problematic and would not be my first choice. I
was expecting MAC_ETYPE rules to always match an Ethernet frame
regardless of higher-level protocols, and that the user would decide
the behavior via rule ordering.

> >
> > Thanks,
> > -Vladimir
>
> --
> /Horatiu

-Vladimir