From: Steen Hegelund <steen.hegelund@microchip.com>
To: Casper Andersson <casper.casan@gmail.com>
Cc: "David S . Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
<UNGLinuxDriver@microchip.com>,
Randy Dunlap <rdunlap@infradead.org>,
Russell King <rmk+kernel@armlinux.org.uk>,
"Wan Jiabing" <wanjiabing@vivo.com>,
Nathan Huckleberry <nhuck@google.com>,
<linux-kernel@vger.kernel.org>, <netdev@vger.kernel.org>,
<linux-arm-kernel@lists.infradead.org>,
Daniel Machon <daniel.machon@microchip.com>,
Horatiu Vultur <horatiu.vultur@microchip.com>,
Lars Povlsen <lars.povlsen@microchip.com>
Subject: Re: [PATCH net-next v2 2/5] net: microchip: sparx5: Adding more tc flower keys for the IS2 VCAP
Date: Mon, 31 Oct 2022 16:51:47 +0100 [thread overview]
Message-ID: <1625e326b6b8fc030425c61c29d31262366edf7a.camel@microchip.com> (raw)
In-Reply-To: <20221031145209.hqebvyfqdsrzhiuh@wse-c0155>
Hi Casper,
On Mon, 2022-10-31 at 15:52 +0100, Casper Andersson wrote:
> EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe
>
> Hi Steen,
>
> On 2022-10-31 13:14, Steen Hegelund wrote:
> > Hi Casper,
> >
> > First of all thanks for the testing effort (as usual). This is most welcome.
> >
> > On Mon, 2022-10-31 at 11:44 +0100, Casper Andersson wrote:
> > > EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe
> > >
> > > Hi Steen,
> > >
> > > On 2022-10-28 16:45, Steen Hegelund wrote:
> > > > - IPv4 Addresses
> > > > tc filter add dev eth12 ingress chain 8000000 prio 12 handle 12 \
> > > > protocol ip flower skip_sw dst_ip 1.0.1.1 src_ip 2.0.2.2 \
> > > > action trap
> > >
> > > I'm not able to get this working on PCB135. I tested the VLAN tags and
> > > did not work either (did not test the rest). The example from the
> > > previous patch series doesn't work either after applying this series.
> >
> >
> > Yes I did not really explain this part (and I will update the series with an explanation).
> >
> > 1) The rule example in the previous series will no longer work as expected as the changes to the
> > port keyset configuration now requires a non-ip frame to generate the MAC_ETYPE keyset.
> >
> > So to test the MAC_ETYPE case your rule must be non-ip and not use "protocol all" which is not
> > supported yet.
> >
> > Here is an example using the "protocol 0xbeef":
> >
> > tc qdisc add dev eth3 clsact
> > tc filter add dev eth3 ingress chain 8000000 prio 10 handle 10 \
> > protocol 0xbeef flower skip_sw \
> > dst_mac 0a:0b:0c:0d:0e:0f \
> > src_mac 2:0:0:0:0:1 \
> > action trap
> >
> > And send a frame like this (using EasyFrame):
> >
> > ef tx eth_fiber1 rep 10 eth dmac 0a:0b:0c:0d:0e:0f smac 2::1 et 0xbeef data repeat 50 0x61
>
> Thanks, this works. I saw now that you even mentioned that "protocol
> all" doesn't work at the very end of this commit message.
>
> > I am not sure what went wrong when you tested the ipv4 rule, but if I create the rule that you
> > quoted above the rule is activated when I send frames like this:
> >
> > ef tx eth_fiber1 rep 10 eth dmac 0a:0b:0c:0d:0e:0f smac 2::2 ipv4 dip 1.0.1.1 sip 2.0.2.2 data
> > repeat 50 0x61
>
> Looks like adding the "data" at the end of it makes a difference when
> creating the packets. Without it the ip.proto field becomes 17 (UDP).
> With "data" it becomes 0 (IPv6 Hop-by-Hop Option). Ef will defaults to
> 17 if no data is specified, otherwise it ends up 0. And the reason
> UDP doesn't get trapped I assume is because this rule falls under the
> IPV4_OTHER keyset (as opposed to IPV4_TCP_UDP).
Yes the EasyFrame tool just uses defaults if you do not specify any data for the frame, so I usually
try to remember to do that to tweak the test a bit.
>
> Doing just this was enough:
> ef tx eth0 rep 10 eth dmac 0a:0b:0c:0d:0e:0f smac 2::2 ipv4 dip 1.0.1.1 sip 2.0.2.2 data
>
> This also solved it for VLANs. I have successfully tested ipv4, ipv6,
> protocol info (ICMP), and vlan tag info from the examples you provided.
>
> Tested on Microchip PCB135 switch.
>
> Tested-by: Casper Andersson <casper.casan@gmail.com>
>
> BR,
> Casper
>
> >
> > Note that the smac is changed to avoid hitting the first rule.
> >
> > 2) As for the VLAN based rules, the VLAN information used by IS2 is the classified VID and PCP,
> > so
> > you need to create a bridge and add the VID to the bridge and the ports to see this in action.
> >
> > IS0 uses the VLAN tags in the frames directly: this is one of the differences between IS0 and
> > IS2.
> >
> > This is how I set up a bridge on my PCB134 when I do the testing:
> >
> > ip link add name br5 type bridge
> > ip link set dev br5 up
> > ip link set eth12 master br5
> > ip link set eth13 master br5
> > ip link set eth14 master br5
> > ip link set eth15 master br5
> > sysctl -w net.ipv6.conf.eth12.disable_ipv6=1
> > sysctl -w net.ipv6.conf.eth13.disable_ipv6=1
> > sysctl -w net.ipv6.conf.eth14.disable_ipv6=1
> > sysctl -w net.ipv6.conf.eth15.disable_ipv6=1
> > sysctl -w net.ipv6.conf.br5.disable_ipv6=1
> > ip link set dev br5 type bridge vlan_filtering 1
> > bridge vlan add dev eth12 vid 600
> > bridge vlan add dev eth13 vid 600
> > bridge vlan add dev eth14 vid 600
> > bridge vlan add dev eth15 vid 600
> > bridge vlan add dev br5 vid 600 self
> >
> > This should now allow you to use the classified VLAN information in IS2 on these four ports.
> >
> > >
> > > This example was provided in your last patch series and worked earlier.
> > >
> > > My setup is PC-eth0 -> PCB135-eth3 and I use the following EasyFrames
> > > command to send packets:
> > >
> > > ef tx eth0 rep 50 eth smac 02:00:00:00:00:01 dmac 0a:0b:0c:0d:0e:0f
> > >
> > > IPv4:
> > > tc qdisc add dev eth3 clsact
> > > tc filter add dev eth3 ingress chain 8000000 prio 12 handle 12 \
> > > protocol ip flower skip_sw dst_ip 1.0.1.1 src_ip 2.0.2.2 \
> > > action trap
> > >
> > > ef tx eth0 rep 50 eth smac 02:00:00:00:00:01 dmac 0a:0b:0c:0d:0e:0f ipv4 dip 1.0.1.1 sip
> > > 2.0.2.2
> > >
> > > Same setup as above and I can't get this to work either.
> >
> > Maybe you are hitting the first rule here, so changing the smac to avoid that, should help.
> >
> > >
> > > I'm using tcpdump to watch the interface to see if the packets are being
> > > trapped or not. Changing the packets' dmac to broadcast lets me see the
> > > packets so I don't have any issue with the setup.
> > >
> > > BR,
> > > Casper
> > >
> >
> > Best Regards
> > Steen
>
> BR,
> Casper
Thanks again for the testing. I will send an updated series with a bit more explanation in the
commit header.
BR
Steen
next prev parent reply other threads:[~2022-10-31 15:51 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-28 14:45 [PATCH net-next v2 0/5] Extend TC key support for Sparx5 IS2 VCAP Steen Hegelund
2022-10-28 14:45 ` [PATCH net-next v2 1/5] net: microchip: sparx5: Differentiate IPv4 and IPv6 traffic in keyset config Steen Hegelund
2022-10-28 14:45 ` [PATCH net-next v2 2/5] net: microchip: sparx5: Adding more tc flower keys for the IS2 VCAP Steen Hegelund
2022-10-31 10:44 ` Casper Andersson
2022-10-31 12:14 ` Steen Hegelund
2022-10-31 14:52 ` Casper Andersson
2022-10-31 15:51 ` Steen Hegelund [this message]
2022-11-01 1:41 ` Jakub Kicinski
2022-11-01 7:31 ` Steen Hegelund
2022-11-01 15:49 ` Jakub Kicinski
2022-11-01 19:32 ` Steen Hegelund
2022-11-02 13:11 ` Steen Hegelund
2022-11-03 1:28 ` Jakub Kicinski
2022-11-03 16:21 ` Steen Hegelund
2022-10-28 14:45 ` [PATCH net-next v2 3/5] net: microchip: sparx5: Match keys in configured port keysets Steen Hegelund
2022-10-28 14:45 ` [PATCH net-next v2 4/5] net: microchip: sparx5: Let VCAP API validate added key- and actionfields Steen Hegelund
2022-10-28 14:45 ` [PATCH net-next v2 5/5] net: microchip: sparx5: Adding KUNIT tests of key/action values in VCAP API Steen Hegelund
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1625e326b6b8fc030425c61c29d31262366edf7a.camel@microchip.com \
--to=steen.hegelund@microchip.com \
--cc=UNGLinuxDriver@microchip.com \
--cc=casper.casan@gmail.com \
--cc=daniel.machon@microchip.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=horatiu.vultur@microchip.com \
--cc=kuba@kernel.org \
--cc=lars.povlsen@microchip.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=nhuck@google.com \
--cc=pabeni@redhat.com \
--cc=rdunlap@infradead.org \
--cc=rmk+kernel@armlinux.org.uk \
--cc=wanjiabing@vivo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).