Re: [patch net-next v2 00/10] net: sched: allow qdiscs to share filter block instances

2017-11-18 Thread Jiri Pirko 
Thu, Nov 16, 2017 at 12:12:47AM CET, xiyou.wangc...@gmail.com wrote:
>On Sun, Nov 12, 2017 at 7:55 AM, Jiri Pirko  wrote:
>> From: Jiri Pirko 
>>
>> Currently the filters added to qdiscs are independent. So for example if you
>> have 2 netdevices and you create ingress qdisc on both and you want to add
>> identical filter rules both, you need to add them twice. This patchset
>> makes this easier and mainly saves resources allowing to share all filters
>> within a qdisc - I call it a "filter block". Also this helps to save
>> resources when we do offload to hw for example to expensive TCAM.
>>
>> So back to the example. First, we create 2 qdiscs. Both will share
>> block number 22. "22" is just an identification. If we don't pass any
>> block number, a new one will be generated by kernel:
>
>Should not block 0 by used by default if not specified by user?
>Why a new one?

That would mean you would share block 0 among all newly created qdiscs.
That is not right. By default, there should be no sharing.

>
>
>>
>> $ tc qdisc add dev ens7 ingress block 22
>> 
>> $ tc qdisc add dev ens8 ingress block 22
>> 
>>
>> Now if we list the qdiscs, we will see the block index in the output:
>>
>> $ tc qdisc
>> qdisc ingress : dev ens7 parent :fff1 block 22
>> qdisc ingress : dev ens8 parent :fff1 block 22
>>
>> Now we can add filter to any of qdiscs sharing the same block:
>>
>> $ tc filter add dev ens7 ingress protocol ip pref 25 flower dst_ip 
>> 192.168.0.0/16 action drop
>>
>
>So you don't need to specify block 22 for this filter?
>Because there is only one block???

eth7 was ingress qdisc was assigned block 22 during the creation.
There is always 1 block assigned to one qdisc. However there might be
multiple qdiscs sharing one block. I will try to make this more clear in
the cover letter.



>
>
>>
>> We will see the same output if we list filters for ens7 and ens8, including 
>> stats:
>>
>> $ tc -s filter show dev ens7 ingress
>> filter protocol ip pref 25 flower chain 0
>> filter protocol ip pref 25 flower chain 0 handle 0x1
>>   eth_type ipv4
>>   dst_ip 192.168.0.0/16
>>   not_in_hw
>> action order 1: gact action drop
>>  random type none pass val 0
>>  index 1 ref 1 bind 1 installed 39 sec used 2 sec
>> Action statistics:
>> Sent 3108 bytes 37 pkt (dropped 37, overlimits 0 requeues 0)
>> backlog 0b 0p requeues 0
>
>
>Don't see which block it belongs to here.

Re: [patch net-next v2 00/10] net: sched: allow qdiscs to share filter block instances

2017-11-15 Thread Cong Wang 
On Sun, Nov 12, 2017 at 7:55 AM, Jiri Pirko  wrote:
> From: Jiri Pirko 
>
> Currently the filters added to qdiscs are independent. So for example if you
> have 2 netdevices and you create ingress qdisc on both and you want to add
> identical filter rules both, you need to add them twice. This patchset
> makes this easier and mainly saves resources allowing to share all filters
> within a qdisc - I call it a "filter block". Also this helps to save
> resources when we do offload to hw for example to expensive TCAM.
>
> So back to the example. First, we create 2 qdiscs. Both will share
> block number 22. "22" is just an identification. If we don't pass any
> block number, a new one will be generated by kernel:

Should not block 0 by used by default if not specified by user?
Why a new one?


>
> $ tc qdisc add dev ens7 ingress block 22
> 
> $ tc qdisc add dev ens8 ingress block 22
> 
>
> Now if we list the qdiscs, we will see the block index in the output:
>
> $ tc qdisc
> qdisc ingress : dev ens7 parent :fff1 block 22
> qdisc ingress : dev ens8 parent :fff1 block 22
>
> Now we can add filter to any of qdiscs sharing the same block:
>
> $ tc filter add dev ens7 ingress protocol ip pref 25 flower dst_ip 
> 192.168.0.0/16 action drop
>

So you don't need to specify block 22 for this filter?
Because there is only one block???


>
> We will see the same output if we list filters for ens7 and ens8, including 
> stats:
>
> $ tc -s filter show dev ens7 ingress
> filter protocol ip pref 25 flower chain 0
> filter protocol ip pref 25 flower chain 0 handle 0x1
>   eth_type ipv4
>   dst_ip 192.168.0.0/16
>   not_in_hw
> action order 1: gact action drop
>  random type none pass val 0
>  index 1 ref 1 bind 1 installed 39 sec used 2 sec
> Action statistics:
> Sent 3108 bytes 37 pkt (dropped 37, overlimits 0 requeues 0)
> backlog 0b 0p requeues 0


Don't see which block it belongs to here.

[patch net-next v2 00/10] net: sched: allow qdiscs to share filter block instances

2017-11-12 Thread Jiri Pirko 
From: Jiri Pirko 

Currently the filters added to qdiscs are independent. So for example if you
have 2 netdevices and you create ingress qdisc on both and you want to add
identical filter rules both, you need to add them twice. This patchset
makes this easier and mainly saves resources allowing to share all filters
within a qdisc - I call it a "filter block". Also this helps to save
resources when we do offload to hw for example to expensive TCAM.

So back to the example. First, we create 2 qdiscs. Both will share
block number 22. "22" is just an identification. If we don't pass any
block number, a new one will be generated by kernel:

$ tc qdisc add dev ens7 ingress block 22

$ tc qdisc add dev ens8 ingress block 22


Now if we list the qdiscs, we will see the block index in the output:

$ tc qdisc
qdisc ingress : dev ens7 parent :fff1 block 22
qdisc ingress : dev ens8 parent :fff1 block 22

Now we can add filter to any of qdiscs sharing the same block:

$ tc filter add dev ens7 ingress protocol ip pref 25 flower dst_ip 
192.168.0.0/16 action drop


We will see the same output if we list filters for ens7 and ens8, including 
stats:

$ tc -s filter show dev ens7 ingress
filter protocol ip pref 25 flower chain 0
filter protocol ip pref 25 flower chain 0 handle 0x1
  eth_type ipv4
  dst_ip 192.168.0.0/16
  not_in_hw
action order 1: gact action drop
 random type none pass val 0
 index 1 ref 1 bind 1 installed 39 sec used 2 sec
Action statistics:
Sent 3108 bytes 37 pkt (dropped 37, overlimits 0 requeues 0)
backlog 0b 0p requeues 0

$ tc -s filter show dev ens8 ingress
filter protocol ip pref 25 flower chain 0
filter protocol ip pref 25 flower chain 0 handle 0x1
  eth_type ipv4
  dst_ip 192.168.0.0/16
  not_in_hw
action order 1: gact action drop
 random type none pass val 0
 index 1 ref 1 bind 1 installed 40 sec used 3 sec
Action statistics:
Sent 3108 bytes 37 pkt (dropped 37, overlimits 0 requeues 0)
backlog 0b 0p requeues 0

---
v1->v2:
-patch 4:
 - fix binder_type to check "egress" as well as pointed out by Daniel
-patch 1:
 - new patch due to rebase (another tp->q usage appeared)
-patch 7-10:
 - new patches to offload shared blocks in mlxsw

*** BLURB HERE ***

Jiri Pirko (10):
  cls_bpf: move prog offload->netdev check into drivers
  net: sched: introduce support for multiple filter chain pointers
registration
  net: sched: avoid usage of tp->q in tcf_classify
  net: sched: introduce block mechanism to handle netif_keep_dst calls
  net: sched: remove classid and q fields from tcf_proto
  net: sched: allow ingress and clsact qdiscs to share filter blocks
  mlxsw: spectrum_acl: Reshuffle code around
mlxsw_sp_acl_ruleset_create/destroy
  mlxsw: spectrum_acl: Don't store netdev and ingress for ruleset unbind
  mlxsw: spectrum_acl: Implement TC block sharing
  mlxsw: spectrum_acl: Pass mlxsw_sp_port down to ruleset bind/unbind
ops

 drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 146 +++--
 drivers/net/ethernet/mellanox/mlxsw/spectrum.h |  38 ++-
 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl.c | 283 +-
 .../ethernet/mellanox/mlxsw/spectrum_acl_tcam.c|  44 ++-
 .../net/ethernet/mellanox/mlxsw/spectrum_flower.c  |  41 ++-
 drivers/net/ethernet/netronome/nfp/bpf/main.c  |   2 +
 include/linux/bpf.h|  16 +
 include/net/pkt_cls.h  |   4 +
 include/net/sch_generic.h  |   9 +-
 include/uapi/linux/pkt_sched.h |  11 +
 kernel/bpf/syscall.c   |  39 ++-
 net/sched/cls_api.c| 328 ++---
 net/sched/cls_bpf.c|  10 +-
 net/sched/cls_flow.c   |   2 +-
 net/sched/cls_route.c  |   2 +-
 net/sched/sch_ingress.c|  89 +-
 16 files changed, 851 insertions(+), 213 deletions(-)

-- 
2.9.5