| Message ID | 1621883935-33553-1-git-send-email-danielj@nvidia.com |
|---|---|
| State | New |
| Headers | show |
| Series | [SRU,F:linux-bluefield] UBUNTU: SAUCE: net/sched: act_ct: Offload connections with commit action | expand |
On 24/05/2021 15:18, Daniel Jurgens wrote: > From: Paul Blakey <paulb@nvidia.com> > > BugLink: https://bugs.launchpad.net/bugs/1929459 > > Currently established connections are not offloaded if the filter has a > "ct commit" action. This behavior will not offload connections of the > following scenario: > > $ tc_filter add dev $DEV ingress protocol ip prio 1 flower \ > ct_state -trk \ > action ct commit action goto chain 1 > > $ tc_filter add dev $DEV ingress protocol ip chain 1 prio 1 flower \ > action mirred egress redirect dev $DEV2 > > $ tc_filter add dev $DEV2 ingress protocol ip prio 1 flower \ > action ct commit action goto chain 1 > > $ tc_filter add dev $DEV2 ingress protocol ip prio 1 chain 1 flower \ > ct_state +trk+est \ > action mirred egress redirect dev $DEV > > Offload established connections, regardless of the commit flag. > > Signed-off-by: Paul Blakey <paulb@nvidia.com> > Reviewed-by: Oz Shlomo <ozsh@nvidia.com> > Signed-off-by: Daniel Jurgens <danielj@nvidia.com> > --- Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com> Best regards, Krzysztof
On 24.05.21 21:18, Daniel Jurgens wrote: > From: Paul Blakey <paulb@nvidia.com> > > BugLink: https://bugs.launchpad.net/bugs/1929459 > > Currently established connections are not offloaded if the filter has a > "ct commit" action. This behavior will not offload connections of the > following scenario: > > $ tc_filter add dev $DEV ingress protocol ip prio 1 flower \ > ct_state -trk \ > action ct commit action goto chain 1 > > $ tc_filter add dev $DEV ingress protocol ip chain 1 prio 1 flower \ > action mirred egress redirect dev $DEV2 > > $ tc_filter add dev $DEV2 ingress protocol ip prio 1 flower \ > action ct commit action goto chain 1 > > $ tc_filter add dev $DEV2 ingress protocol ip prio 1 chain 1 flower \ > ct_state +trk+est \ > action mirred egress redirect dev $DEV > > Offload established connections, regardless of the commit flag. > > Signed-off-by: Paul Blakey <paulb@nvidia.com> > Reviewed-by: Oz Shlomo <ozsh@nvidia.com> > Signed-off-by: Daniel Jurgens <danielj@nvidia.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Thanks > --- > net/sched/act_ct.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c > index 4627bb7..4bc7c5e 100644 > --- a/net/sched/act_ct.c > +++ b/net/sched/act_ct.c > @@ -965,7 +965,7 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a, > */ > cached = tcf_ct_skb_nfct_cached(net, skb, p->zone, force); > if (!cached) { > - if (!commit && tcf_ct_flow_table_lookup(p, skb, family)) { > + if (tcf_ct_flow_table_lookup(p, skb, family)) { > skip_add = true; > goto do_nat; > } > @@ -1005,10 +1005,11 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a, > * even if the connection is already confirmed. > */ > nf_conntrack_confirm(skb); > - } else if (!skip_add) { > - tcf_ct_flow_table_process_conn(p->ct_ft, ct, ctinfo); > } > > + if (!skip_add) > + tcf_ct_flow_table_process_conn(p->ct_ft, ct, ctinfo); > + > out_push: > skb_push_rcsum(skb, nh_ofs); > >
Applied to F/bluefield master-next. thank you! -Kelsey On 2021-05-24 22:18:55 , Daniel Jurgens wrote: > From: Paul Blakey <paulb@nvidia.com> > > BugLink: https://bugs.launchpad.net/bugs/1929459 > > Currently established connections are not offloaded if the filter has a > "ct commit" action. This behavior will not offload connections of the > following scenario: > > $ tc_filter add dev $DEV ingress protocol ip prio 1 flower \ > ct_state -trk \ > action ct commit action goto chain 1 > > $ tc_filter add dev $DEV ingress protocol ip chain 1 prio 1 flower \ > action mirred egress redirect dev $DEV2 > > $ tc_filter add dev $DEV2 ingress protocol ip prio 1 flower \ > action ct commit action goto chain 1 > > $ tc_filter add dev $DEV2 ingress protocol ip prio 1 chain 1 flower \ > ct_state +trk+est \ > action mirred egress redirect dev $DEV > > Offload established connections, regardless of the commit flag. > > Signed-off-by: Paul Blakey <paulb@nvidia.com> > Reviewed-by: Oz Shlomo <ozsh@nvidia.com> > Signed-off-by: Daniel Jurgens <danielj@nvidia.com> > --- > net/sched/act_ct.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c > index 4627bb7..4bc7c5e 100644 > --- a/net/sched/act_ct.c > +++ b/net/sched/act_ct.c > @@ -965,7 +965,7 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a, > */ > cached = tcf_ct_skb_nfct_cached(net, skb, p->zone, force); > if (!cached) { > - if (!commit && tcf_ct_flow_table_lookup(p, skb, family)) { > + if (tcf_ct_flow_table_lookup(p, skb, family)) { > skip_add = true; > goto do_nat; > } > @@ -1005,10 +1005,11 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a, > * even if the connection is already confirmed. > */ > nf_conntrack_confirm(skb); > - } else if (!skip_add) { > - tcf_ct_flow_table_process_conn(p->ct_ft, ct, ctinfo); > } > > + if (!skip_add) > + tcf_ct_flow_table_process_conn(p->ct_ft, ct, ctinfo); > + > out_push: > skb_push_rcsum(skb, nh_ofs); > > -- > 1.8.3.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c index 4627bb7..4bc7c5e 100644 --- a/net/sched/act_ct.c +++ b/net/sched/act_ct.c @@ -965,7 +965,7 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a, */ cached = tcf_ct_skb_nfct_cached(net, skb, p->zone, force); if (!cached) { - if (!commit && tcf_ct_flow_table_lookup(p, skb, family)) { + if (tcf_ct_flow_table_lookup(p, skb, family)) { skip_add = true; goto do_nat; } @@ -1005,10 +1005,11 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a, * even if the connection is already confirmed. */ nf_conntrack_confirm(skb); - } else if (!skip_add) { - tcf_ct_flow_table_process_conn(p->ct_ft, ct, ctinfo); } + if (!skip_add) + tcf_ct_flow_table_process_conn(p->ct_ft, ct, ctinfo); + out_push: skb_push_rcsum(skb, nh_ofs);