Linux kernel source tree
002841be13
This patch adds partial Access Control List (ACL) support for the ksz9477 family of switches. ACLs enable filtering of incoming layer 2 MAC, layer 3 IP, and layer 4 TCP/UDP packets on each port. They provide additional capabilities for filtering routed network protocols and can take precedence over other forwarding functions. ACLs can filter ingress traffic based on header fields such as source/destination MAC address, EtherType, IPv4 address, IPv4 protocol, UDP/TCP ports, and TCP flags. The ACL is an ordered list of up to 16 access control rules programmed into the ACL Table. Each entry specifies a set of matching conditions and action rules for controlling packet forwarding and priority. The ACL also implements a count function, generating an interrupt instead of a forwarding action. It can be used as a watchdog timer or an event counter. The ACL consists of three parts: matching rules, action rules, and processing entries. Multiple match conditions can be either AND'ed or OR'ed together. This patch introduces support for a subset of the available ACL functionality, specifically layer 2 matching and prioritization of matched packets. For example: tc qdisc add dev lan2 clsact tc filter add dev lan2 ingress protocol 0x88f7 flower action skbedit prio 7 tc qdisc add dev lan1 clsact tc filter add dev lan1 ingress protocol 0x88f7 flower action skbedit prio 7 The hardware offloading implementation was benchmarked against a configuration without hardware offloading. This latter setup relied on a software-based Linux bridge. No noticeable differences were observed between the two configurations. Here is an example of software-based test: ip l s dev enu1u1 up ip l s dev enu1u2 up ip l s dev enu1u4 up ethtool -A enu1u1 autoneg off rx off tx off ethtool -A enu1u2 autoneg off rx off tx off ethtool -A enu1u4 autoneg off rx off tx off ip l a name br0 type bridge ip l s dev br0 up ip l s enu1u1 master br0 ip l s enu1u2 master br0 ip l s enu1u4 master br0 tc qdisc add dev enu1u1 root handle 1: ets strict 4 priomap 3 3 2 2 1 1 0 0 tc qdisc add dev enu1u4 root handle 1: ets strict 4 priomap 3 3 2 2 1 1 0 0 tc qdisc add dev enu1u2 root handle 1: ets strict 4 priomap 3 3 2 2 1 1 0 0 tc qdisc add dev enu1u1 clsact tc filter add dev enu1u1 ingress protocol ipv4 flower action skbedit prio 7 tc qdisc add dev enu1u4 clsact tc filter add dev enu1u4 ingress protocol ipv4 flower action skbedit prio 0 On a system attached to the port enu1u2 I run two iperf3 server instances: iperf3 -s -p 5210 & iperf3 -s -p 5211 & On systems attached to enu1u4 and enu1u1 I run: iperf3 -u -c 172.17.0.1 -p 5210 -b100M -l1472 -t100 and iperf3 -u -c 172.17.0.1 -p 5211 -b100M -l1472 -t100 As a result, IP traffic on port enu1u1 will be prioritized and take precedence over IP traffic on port enu1u4 Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de> Reviewed-by: Vladimir Oltean <vladimir.oltean@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|---|---|---|
| arch | ||
| block | ||
| certs | ||
| crypto | ||
| Documentation | ||
| drivers | ||
| fs | ||
| include | ||
| init | ||
| io_uring | ||
| ipc | ||
| kernel | ||
| lib | ||
| LICENSES | ||
| mm | ||
| net | ||
| rust | ||
| samples | ||
| scripts | ||
| security | ||
| sound | ||
| tools | ||
| usr | ||
| virt | ||
| .clang-format | ||
| .cocciconfig | ||
| .get_maintainer.ignore | ||
| .gitattributes | ||
| .gitignore | ||
| .mailmap | ||
| .rustfmt.toml | ||
| COPYING | ||
| CREDITS | ||
| Kbuild | ||
| Kconfig | ||
| MAINTAINERS | ||
| Makefile | ||
| README | ||
Linux kernel
============
There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.
In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``. The formatted documentation can also be read online at:
https://www.kernel.org/doc/html/latest/
There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.