From patchwork Tue Jan 29 07:59:07 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paul Blakey <paulb@mellanox.com>
X-Patchwork-Id: 1032539
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=mellanox.com
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 43pf6B74bhz9sCX
	for <patchwork-incoming-netdev@ozlabs.org>;
	Tue, 29 Jan 2019 18:59:30 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1726383AbfA2H73 (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Tue, 29 Jan 2019 02:59:29 -0500
Received: from mail-il-dmz.mellanox.com ([193.47.165.129]:44069 "EHLO
	mellanox.co.il" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org
	with ESMTP id S1725294AbfA2H73 (ORCPT
	<rfc822;netdev@vger.kernel.org>); Tue, 29 Jan 2019 02:59:29 -0500
Received: from Internal Mail-Server by MTLPINE1 (envelope-from
	paulb@mellanox.com)
	with ESMTPS (AES256-SHA encrypted); 29 Jan 2019 09:59:21 +0200
Received: from reg-r-vrt-019-180.mtr.labs.mlnx
	(reg-r-vrt-019-180.mtr.labs.mlnx [10.213.19.180])
	by labmailer.mlnx (8.13.8/8.13.8) with ESMTP id x0T7xLjc001305;
	Tue, 29 Jan 2019 09:59:21 +0200
From: Paul Blakey <paulb@mellanox.com>
To: Guy Shattah <sguy@mellanox.com>, Marcelo Leitner <mleitner@redhat.com>,
	Aaron Conole <aconole@redhat.com>,
	John Hurley <john.hurley@netronome.com>,
	Simon Horman <simon.horman@netronome.com>,
	Justin Pettit <jpettit@ovn.org>, Gregory Rose <gvrose8192@gmail.com>,
	Eelco Chaudron <echaudro@redhat.com>, Flavio Leitner <fbl@redhat.com>,
	Florian Westphal <fwestpha@redhat.com>,
	Jiri Pirko <jiri@resnulli.us>, Rashid Khan <rkhan@redhat.com>,
	Sushil Kulkarni <sukulkar@redhat.com>,
	Andy Gospodarek <andrew.gospodarek@broadcom.com>,
	Roi Dayan <roid@mellanox.com>, Yossi Kuperman <yossiku@mellanox.com>,
	Or Gerlitz <ogerlitz@mellanox.com>, Rony Efraim <ronye@mellanox.com>,
	"davem@davemloft.net" <davem@davemloft.net>, netdev@vger.kernel.org
Cc: Paul Blakey <paulb@mellanox.com>
Subject: [RFC PATCH net-next 0/6 v2] connection tracking in tc and OVS
	offload
Date: Tue, 29 Jan 2019 09:59:07 +0200
Message-Id: <1548748753-22540-1-git-send-email-paulb@mellanox.com>
X-Mailer: git-send-email 1.8.4.3
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

Hi,
As you may know,  we are working on connection tracking for a while, and we already
had patches for tc that matched our connection tracking offload RFC.

Marcelo already shared his tc patches for a similar action ct and flower match on ct_info state,
and this patches are pretty close to his. We would like to share ours and see what's the difference
so maybe we can merge the two.

I think the main difference here is that we propose the usage of a new metadata that resembles
ovs recirc id, so one can use tc recirculation in a similar way that ovs does.

The plan is to support offloading of OVS rules to tc, so this recirculation id will
be shared with and from OVS.

The following is an example using the recirc id metadata (aa_rep and bb_rep are two veth devices)

tc qdisc add dev bb_rep ingress
tc qdisc add dev aa_rep ingress
tc filter add dev aa_rep ingress prio 1 chain 0 proto ip flower match 'meta(tc_recirc mask 0xffffffff eq 0x1)' ct_state +trk+est  ip_proto tcp action mirred egress redirect dev bb_rep
tc filter add dev aa_rep ingress prio 1 chain 0 proto ip flower ct_state -trk ip_proto tcp action ct recirc 1 reclassify
tc filter add dev aa_rep ingress prio 1 chain 0 proto ip flower match 'meta(tc_recirc mask 0xffffffff eq 0x1)' ct_state +trk+new ip_proto tcp action ct commit pipe action mirred egress redirect dev bb_rep

tc filter add dev bb_rep ingress prio 1 chain 0 proto ip flower ct_state -trk ip_proto tcp action ct recirc 2 reclassify
tc filter add dev bb_rep ingress prio 1 chain 0 proto ip flower match 'meta(tc_recirc mask 0xffffffff eq 0x2)' ct_state +trk+est ip_proto tcp  action mirred egress redirect dev aa_rep

of course, goto chain instead of reclassify will also work.

There might be some difference in how we handle action ct and I'll follow up on that.


Changelog:
  v1->v2:
    Missed first patch :|
    Added netdev mailing list

Paul Blakey (6):
  net/sched: Introduce act_ct
  net/sched: cls_flower: add match on ct info
  net/sched: cls_flower: Add ematch support
  net: Add new tc recirc id skb extension
  net/sched: em_meta: add match on tc recirc id skb extension
  net/sched: act_ct: Add tc recirc id set/del support

 include/linux/skbuff.h                    |   1 +
 include/net/tc_act/tc_ct.h                |   2 +
 include/uapi/linux/pkt_cls.h              |  19 ++++
 include/uapi/linux/tc_act/tc_ct.h         |   2 +
 include/uapi/linux/tc_ematch/tc_em_meta.h |   1 +
 net/core/skbuff.c                         |   2 +
 net/sched/act_ct.c                        |  18 ++++
 net/sched/cls_flower.c                    | 148 ++++++++++++++++++++++++++++--
 net/sched/em_meta.c                       |   8 ++
 9 files changed, 194 insertions(+), 7 deletions(-)