From: Jiri Pirko
To: netdev@vger.kernel.org
Cc: davem@davemloft.net, jhs@mojatatu.com, xiyou.wangcong@gmail.com,
 mlxsw@mellanox.com, andrew@lunn.ch, vivien.didelot@savoirfairelinux.com,
 f.fainelli@gmail.com, michael.chan@broadcom.com, ganeshgr@chelsio.com,
 saeedm@mellanox.com, matanb@mellanox.com, leonro@mellanox.com,
 idosch@mellanox.com, jakub.kicinski@netronome.com,
 simon.horman@netronome.com, pieter.jansenvanvuuren@netronome.com,
 john.hurley@netronome.com, alexander.h.duyck@intel.com,
 ogerlitz@mellanox.com, john.fastabend@gmail.com, daniel@iogearbox.net,
 dsahern@gmail.com
Subject: [patch net-next v8 00/14] net: sched: allow qdiscs to share filter block instances
Date: Fri, 12 Jan 2018 16:46:50 +0100
Message-Id: <20180112154704.1694-1-jiri@resnulli.us>
X-Patchwork-Id: 860019

From: Jiri Pirko

Currently the filters added to qdiscs are independent.
So for example if you have 2 netdevices and you create ingress qdisc on
both and you want to add identical filter rules to both, you need to add
them twice. This patchset makes this easier and mainly saves resources
allowing to share all filters within a qdisc - I call it a "filter block".
Also this helps to save resources when we do offload to hw for example to
expensive TCAM.

So back to the example. First, we create 2 qdiscs. Both will share
block number 22. "22" is just an identification:
$ tc qdisc add dev ens7 ingress_block 22 ingress
                        ^^^^^^^^^^^^^^^^
$ tc qdisc add dev ens8 ingress_block 22 ingress
                        ^^^^^^^^^^^^^^^^

If we don't specify "block" command line option, no shared block would
be created:
$ tc qdisc add dev ens9 ingress

Now if we list the qdiscs, we will see the block index in the output:

$ tc qdisc
qdisc ingress ffff: dev ens7 parent ffff:fff1 ingress_block 22
qdisc ingress ffff: dev ens8 parent ffff:fff1 ingress_block 22
qdisc ingress ffff: dev ens9 parent ffff:fff1

To make it more visual, the situation looks like this:

   ens7 ingress qdisc                 ens7 ingress qdisc
          |                                  |
          |                                  |
          +---------->  block 22  <----------+

Unlimited number of qdiscs may share the same block.

Note that this patchset introduces block sharing support also for clsact
qdisc:
$ tc qdisc add dev ens10 ingress_block 23 egress_block 24 clsact
$ tc qdisc show dev ens10
qdisc clsact ffff: dev ens10 parent ffff:fff1 ingress_block 23 egress_block 24

We can add filter using the block index:

$ tc filter add block 22 protocol ip pref 25 flower dst_ip 192.168.0.0/16 action drop

Note we cannot use the qdisc for filter manipulations of shared blocks:

$ tc filter add dev ens8 ingress protocol ip pref 1 flower dst_ip 192.168.100.2 action drop
Error: This filter block is shared. Please use the block index to manipulate the filters.

We will see the same output if we list filters for ingress qdisc of
ens7 and ens8, also for the block 22:

$ tc filter show block 22
filter block 22 protocol ip pref 25 flower chain 0
filter block 22 protocol ip pref 25 flower chain 0 handle 0x1
...

$ tc filter show dev ens7 ingress
filter block 22 protocol ip pref 25 flower chain 0
filter block 22 protocol ip pref 25 flower chain 0 handle 0x1
...

$ tc filter show dev ens8 ingress
filter block 22 protocol ip pref 25 flower chain 0
filter block 22 protocol ip pref 25 flower chain 0 handle 0x1
...

---
v7->v8:
- patch 7:
  - added comment to ifindex block magic
- patch 9:
  - new patch
- patch 10:
  - base this on the patch that introduces qdisc-generic block index
    attributes parsing/dumping
- patch 13:
  - rebased on top of current net-next

v6->v7:
- patch 1:
  - unsquashed shared block patch that was previously squashed by mistake
  - fixed error path in block create - freeing chain 0
- patch 2:
  - new patch - split from the previous one as it got accidentally squashed
    in the rebasing process in the past
  - converted to idr extended
  - removed auto-generating of block indexes. Callers have to explicitly
    tell that the block is shared by passing non-zero block index
  - fixed error path in block get ext - freeing chain 0
- patch 7:
  - changed extack message for block index handle as suggested by DaveA
  - added extack message when block index does not exist
  - the block ifindex magic is in define and change to 0xffffffff
    as suggested by Jamal
- patch 8:
  - new patch implementing RTM_GETBLOCK in order to query if the block
    with some index exists
- patch 9:
  - adjust to the core changes and check block index attributes for being 0

v5->v6:
- added patch 6 that introduces block handle

v4->v5:
- patch 5:
  - add tracking of binding of devs that are unable to offload and check
    that before block cbs call.

v3->v4:
- patch 1:
  - rebased on top of the current net-next
  - added some extack strings
- patch 3:
  - rebased on top of the current net-next
- patch 5:
  - propagate netdev_ops->ndo_setup_tc error up to tcf_block_offload_bind
    caller
- patch 7:
  - rebased on top of the current net-next

v2->v3:
- removed original patch 1, removing tp->q cls_bpf dependency. Fixed by
  Jakub in the meantime.
- patch 1:
  - rebased on top of the current net-next
- patch 5:
  - new patch
- patch 8:
  - removed "p_" prefix from block index function args
- patch 10:
  - add tc offload feature handling

Jiri Pirko (14):
  net: sched: introduce support for multiple filter chain pointers registration
  net: sched: introduce shared filter blocks infrastructure
  net: sched: avoid usage of tp->q in tcf_classify
  net: sched: introduce block mechanism to handle netif_keep_dst calls
  net: sched: remove classid and q fields from tcf_proto
  net: sched: keep track of offloaded filters and check tc offload feature
  net: sched: use block index as a handle instead of qdisc when block is shared
  net: sched: add rt netlink message type for block get
  net: sched: introduce ingress/egress block index attributes for qdisc
  net: sched: allow ingress and clsact qdiscs to share filter blocks
  mlxsw: spectrum_acl: Reshuffle code around mlxsw_sp_acl_ruleset_create/destroy
  mlxsw: spectrum_acl: Don't store netdev and ingress for ruleset unbind
  mlxsw: spectrum_acl: Implement TC block sharing
  mlxsw: spectrum_acl: Pass mlxsw_sp_port down to ruleset bind/unbind ops

 drivers/net/ethernet/mellanox/mlxsw/spectrum.c     | 182 +++++-
 drivers/net/ethernet/mellanox/mlxsw/spectrum.h     |  43 +-
 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl.c | 302 +++++++---
 .../ethernet/mellanox/mlxsw/spectrum_acl_tcam.c    |  44 +-
 .../net/ethernet/mellanox/mlxsw/spectrum_flower.c  |  41 +-
 include/net/pkt_cls.h                              |   8 +
 include/net/sch_generic.h                          |  34 +-
 include/uapi/linux/rtnetlink.h                     |  18 +
 net/sched/cls_api.c                                | 655 ++++++++++++++++-----
 net/sched/cls_bpf.c                                |   9 +-
 net/sched/cls_flow.c                               |   2 +-
 net/sched/cls_flower.c                             |   3 +-
 net/sched/cls_matchall.c                           |   3 +-
 net/sched/cls_route.c                              |   2 +-
 net/sched/cls_u32.c                                |  13 +-
 net/sched/sch_api.c                                |  60 ++
 net/sched/sch_ingress.c                            |  76 ++-
 security/selinux/nlmsgtab.c                        |   5 +-
 18 files changed, 1179 insertions(+), 321 deletions(-)
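
Added example, not part of the original cover letter or patchset: because a rule added with "tc filter add block <index>" applies to every qdisc bound to that block, this script inverts the "tc qdisc" listing into a block-to-interface map so the reach of a rule can be checked before it is changed. The function names are hypothetical, and the sample input reuses the output lines quoted in the cover letter.

```shell
#!/bin/sh
# Added example: map shared filter blocks to the qdiscs bound to them.
# Live use (assumes an iproute2 that prints ingress_block/egress_block):
#   tc qdisc show | block_bindings

# Sample input: the `tc qdisc` output lines quoted in the cover letter.
sample_qdiscs() {
    cat <<'EOF'
qdisc ingress ffff: dev ens7 parent ffff:fff1 ingress_block 22
qdisc ingress ffff: dev ens8 parent ffff:fff1 ingress_block 22
qdisc ingress ffff: dev ens9 parent ffff:fff1
qdisc clsact ffff: dev ens10 parent ffff:fff1 ingress_block 23 egress_block 24
EOF
}

# stdin: `tc qdisc show` output.
# stdout: one line per block index, "<index> <dev>:<direction> ...",
# sorted by index. Qdiscs without a block index are skipped.
block_bindings() {
    awk '
    $1 == "qdisc" {
        dev = ""
        for (i = 2; i < NF; i++)
            if ($i == "dev") dev = $(i + 1)
        for (i = 2; i < NF; i++) {
            if ($i != "ingress_block" && $i != "egress_block") continue
            dir = $i
            sub(/_block$/, "", dir)
            idx = $(i + 1)
            if (idx in bound) bound[idx] = bound[idx] " " dev ":" dir
            else bound[idx] = dev ":" dir
        }
    }
    END { for (idx in bound) print idx, bound[idx] }
    ' | sort -n
}

# Every dev:direction that a "tc filter add block <index> ..." rule applies to.
bindings_for_block() {
    block_bindings | awk -v want="$1" '$1 == want { $1 = ""; sub(/^ /, ""); print }'
}

# Blocks bound by more than one qdisc, i.e. rules there hit several hooks.
shared_blocks() {
    block_bindings | awk 'NF > 2'
}

sample_qdiscs | block_bindings
```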