Re: [dpdk-dev] [RFC] ethdev: add sanity packet checks

DPDK patches and discussions
 help / color / mirror / Atom feed

From: Ori Kam <orika@nvidia.com>
To: Ajit Khaparde <ajit.khaparde@broadcom.com>
Cc: NBU-Contact-Thomas Monjalon <thomas@monjalon.net>,
	Slava Ovsiienko <viacheslavo@nvidia.com>,
	"ferruh.yigit@intel.com" <ferruh.yigit@intel.com>,
	Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>,
	"dev@dpdk.org" <dev@dpdk.org>,
	"jerinj@marvell.com" <jerinj@marvell.com>,
	Ori Kam <orika@nvidia.com>
Subject: Re: [dpdk-dev] [RFC] ethdev: add sanity packet checks
Date: Tue, 9 Mar 2021 19:21:17 +0000	[thread overview]
Message-ID: <DM6PR12MB4987A059AF7ABF045BE07BF2D6929@DM6PR12MB4987.namprd12.prod.outlook.com> (raw)
In-Reply-To: <CACZ4nhsJ=NrAkCxdU3YVqAPxt9vSEo7wOuwc_3u4B+ji2fZj6A@mail.gmail.com>

Hi

> -----Original Message-----
> From: Ajit Khaparde <ajit.khaparde@broadcom.com>
> Subject: Re: [dpdk-dev] [RFC] ethdev: add sanity packet checks
> 
> On Sun, Mar 7, 2021 at 10:46 AM Ori Kam <orika@nvidia.com> wrote:
> >
> > Hi
> >
> > > -----Original Message-----
> > > From: Thomas Monjalon <thomas@monjalon.net>
> > > Sent: Thursday, March 4, 2021 12:46 PM
> > > Subject: Re: [dpdk-dev] [RFC] ethdev: add sanity packet checks
> > >
> > > 04/03/2021 11:00, Ori Kam:
> > > > From: Thomas Monjalon
> > > > > 28/02/2021 20:48, Ori Kam:
> > > > > > Currently, DPDK application can offload the checksum check,
> > > > > > and report it in the mbuf.
> > > > > >
> > > > > > However, this approach doesn't work if the traffic
> > > > > > is offloaded and should not arrive to the application.
> > > > > >
> > > > > > This commit introduces rte flow item that enables
> > > > >
> > > > > s/rte flow/rte_flow/
> > > > >
> > > >
> > > > Sure
> > > >
> > > > > > matching on the checksum of the L3 and L4 layers,
> > > > > > in addition to other checks that can determine if
> > > > > > the packet is valid.
> > > > > > some of those tests can be packet len, data len,
> > > > > > unsupported flags, and so on.
> > > > > >
> > > > > > The full check is HW dependent.
> > > > >
> > > > > What is the "full check"?
> > > > > How much it is HW dependent?
> > > > >
> > > >
> > > > This also relates to your other comments,
> > > > Each HW may run different set of checks on the packet,
> > > > for example one PMD can just check the tcp flags while
> > > > a different PMD will also check the option.
> > >
> > > I'm not sure how an application can rely on
> > > such a vague definition.
> > >
> > Even now we are marking a packet in the mbuf with unknown
> > in case of some error.
> > Would a better wording be " The HW detected errors in the packet"
> > in any case if the app will need to know what is the error it is his
> > responsibility, this item is just verification for fast path.
> > If you have better suggestion, I will be very happy to hear.
> >
> > >
> > > > > > + * RTE_FLOW_ITEM_TYPE_SANITY_CHECKS
> > > > > > + *
> > > > > > + * Enable matching on packet validity based on HW checks for the L3
> and
> > > L4
> > > > > > + * layers.
> > > > > > + */
> > > > > > +struct rte_flow_item_sanity_checks {
> > > > > > +       uint32_t level;
> > > > > > +       /**< Packet encapsulation level the item should apply to.
> > > > > > +        * @see rte_flow_action_rss
> > > > > > +        */
> > > > > > +RTE_STD_C11
> > > > > > +       union {
> > > > > > +               struct {
> > > > >
> > > > > Why there is no L2 check?
> > > > >
> > > > Our HW doesn't support it.
> > > > If other HW support it, it should be added.
> > >
> > > It would be an ABI breakage. Can we add it day one?
> > >
> > Will add reserve, since this is bit field there shouldn't be any
> > ABI break.
> >
> > > > > > +                       uint32_t l3_ok:1;
> > > > > > +                       /**< L3 layer is valid after passing all HW checking. */
> > > > > > +                       uint32_t l4_ok:1;
> > > > > > +                       /**< L4 layer is valid after passing all HW checking. */
> > > > >
> > > > > l3_ok and l4_ok looks vague.
> > > > > What does it cover exactly?
> > > > >
> > > > It depends on the HW in question.
> > > > In our case it checks in case of L3
> > > > the header len, and the version.
> > > > For L4 checking the len.
> > >
> > > If we don't know exactly what is checked,
> > > how an application can rely on it?
> > > Is it a best effort check? What is the use case?
> > >
> > From application point of view that packet is invalid.
> > it is the app responsibility to understand why.
> 
> And that it can determine based on the available fields in ol_flags. right?

Right.

> If HW can indicate that the packet integrity is in question,
> a PMD should be able to set the bits in ol_flags. After that
> the application should decide what to drop and what to pass.
> 
> What is missing is the ability for the application to tell the HW/PMD to
> drop any packet which fails packet integrity checks.
> 
This is the drop action.
Or am I missing something?

> I believe generally drop packets when Ethernet CRC check fails.
> But l3 and l4 errors are left to the application to deal with.
> If an application wants to save some CPU cycles, it could ask the
> hardware to drop those packets as well. So one bit to enable/disable
> this for all packets should be good.
> 
> In case we still want to pursue this per flow, how about
> RTE_FLOW_ITEM_TYPE_PACKET_INTEGRITY_CHECKS instead of
> RTE_FLOW_ITEM_TYPE_SANITY_CHECKS
> 
Sure I like your name better.

Best,
Ori

next prev parent reply	other threads:[~2021-03-09 19:21 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-02-28 19:48 Ori Kam
2021-02-28 20:14 ` Thomas Monjalon
2021-03-04 10:00   ` Ori Kam
2021-03-04 10:46     ` Thomas Monjalon
2021-03-07 18:46       ` Ori Kam
2021-03-08 23:05         ` Ajit Khaparde
2021-03-09 19:21           ` Ori Kam [this message]
2021-03-09  9:01 ` Andrew Rybchenko
2021-03-09  9:11   ` Thomas Monjalon
2021-03-09 15:08     ` Ori Kam
2021-03-09 15:27       ` Andrew Rybchenko
2021-03-09 19:46         ` Ori Kam

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DM6PR12MB4987A059AF7ABF045BE07BF2D6929@DM6PR12MB4987.namprd12.prod.outlook.com \
    --to=orika@nvidia.com \
    --cc=ajit.khaparde@broadcom.com \
    --cc=andrew.rybchenko@oktetlabs.ru \
    --cc=dev@dpdk.org \
    --cc=ferruh.yigit@intel.com \
    --cc=jerinj@marvell.com \
    --cc=thomas@monjalon.net \
    --cc=viacheslavo@nvidia.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).