Re: [PATCH net-next v2 2/5] net: microchip: sparx5: Adding more tc flower keys for the IS2 VCAP

[Steen Hegelund <steen.hegelund@microchip.com>]

Hi Casper,

First of all thanks for the testing effort (as usual).  This is most welcome.

On Mon, 2022-10-31 at 11:44 +0100, Casper Andersson wrote:
> EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe
> 
> Hi Steen,
> 
> On 2022-10-28 16:45, Steen Hegelund wrote:
> > - IPv4 Addresses
> >     tc filter add dev eth12 ingress chain 8000000 prio 12 handle 12 \
> >         protocol ip flower skip_sw dst_ip 1.0.1.1 src_ip 2.0.2.2    \
> >         action trap
> 
> I'm not able to get this working on PCB135. I tested the VLAN tags and
> did not work either (did not test the rest). The example from the
> previous patch series doesn't work either after applying this series.


Yes I did not really explain this part (and I will update the series with an explanation).

1) The rule example in the previous series will no longer work as expected as the changes to the
port keyset configuration now requires a non-ip frame to generate the MAC_ETYPE keyset.

So to test the MAC_ETYPE case your rule must be non-ip and not use "protocol all" which is not
supported yet.  

Here is an example using the "protocol 0xbeef":

tc qdisc add dev eth3 clsact
tc filter add dev eth3 ingress chain 8000000 prio 10 handle 10 \
        protocol 0xbeef flower skip_sw \
        dst_mac 0a:0b:0c:0d:0e:0f \
        src_mac 2:0:0:0:0:1 \
        action trap

And send a frame like this (using EasyFrame):

ef tx eth_fiber1 rep 10 eth dmac 0a:0b:0c:0d:0e:0f smac 2::1 et 0xbeef data repeat 50 0x61

I am not sure what went wrong when you tested the ipv4 rule, but if I create the rule that you
quoted above the rule is activated when I send frames like this:

ef tx eth_fiber1 rep 10 eth dmac 0a:0b:0c:0d:0e:0f smac 2::2 ipv4 dip 1.0.1.1 sip 2.0.2.2  data
repeat 50 0x61 

Note that the smac is changed to avoid hitting the first rule.

2) As for the VLAN based rules, the VLAN information used by IS2 is the classified VID and PCP, so
you need to create a bridge and add the VID to the bridge and the ports to see this in action.

IS0 uses the VLAN tags in the frames directly: this is one of the differences between IS0 and IS2.

This is how I set up a bridge on my PCB134 when I do the testing:

ip link add name br5 type bridge
ip link set dev br5 up
ip link set eth12 master br5
ip link set eth13 master br5
ip link set eth14 master br5
ip link set eth15 master br5
sysctl -w net.ipv6.conf.eth12.disable_ipv6=1
sysctl -w net.ipv6.conf.eth13.disable_ipv6=1
sysctl -w net.ipv6.conf.eth14.disable_ipv6=1
sysctl -w net.ipv6.conf.eth15.disable_ipv6=1
sysctl -w net.ipv6.conf.br5.disable_ipv6=1
ip link set dev br5 type bridge vlan_filtering 1
bridge vlan add dev eth12 vid 600
bridge vlan add dev eth13 vid 600
bridge vlan add dev eth14 vid 600
bridge vlan add dev eth15 vid 600
bridge vlan add dev br5 vid 600 self

This should now allow you to use the classified VLAN information in IS2 on these four ports.

> 
> This example was provided in your last patch series and worked earlier.
> 
> My setup is PC-eth0 -> PCB135-eth3 and I use the following EasyFrames
> command to send packets:
> 
> ef tx eth0 rep 50 eth smac 02:00:00:00:00:01 dmac 0a:0b:0c:0d:0e:0f
> 
> IPv4:
> tc qdisc add dev eth3 clsact
> tc filter add dev eth3 ingress chain 8000000 prio 12 handle 12 \
>     protocol ip flower skip_sw dst_ip 1.0.1.1 src_ip 2.0.2.2    \
>     action trap
> 
> ef tx eth0 rep 50 eth smac 02:00:00:00:00:01 dmac 0a:0b:0c:0d:0e:0f ipv4 dip 1.0.1.1 sip 2.0.2.2
> 
> Same setup as above and I can't get this to work either.

Maybe you are hitting the first rule here, so changing the smac to avoid that, should help.

> 
> I'm using tcpdump to watch the interface to see if the packets are being
> trapped or not. Changing the packets' dmac to broadcast lets me see the
> packets so I don't have any issue with the setup.
> 
> BR,
> Casper
> 

Best Regards
Steen