[ovs-dev,v7,00/10] Add support for offloading CT datapath rules to TC

Message ID 1577009803-4331-1-git-send-email-paulb@mellanox.com
Paul Blakey Dec. 22, 2019, 10:16 a.m. UTC
The following patchset introduces hardware offload of OVS connection
tracking datapath rules.

OVS uses ct() and recirc() (recirculation) actions and recirc_id()/ct_state()
matches to support connection tracking.

The datapath rules are in the form of:

recirc_id(0),in_port(dev1),eth_type(0x0800),ct_state(-trk) actions:ct(),recirc(2)
recirc_id(2),in_port(dev1),eth_type(0x0800),ct_state(+trk+est) actions:4

This patchset will translate ct_state() and recirc_id() matches to tc 
ct_state and chain matches respectively. The datapath actions ct() and recirc()
will be translated to tc actions ct and goto chain respectively.

The tc equivalent commands for the above rules are:

$ tc filter add dev dev1 ingress \
                    prio 1 chain 0 proto ip \
                                flower tcp ct_state -trk \
                                action ct pipe \
                                action goto chain 2
                                
$ tc filter add dev dev1 ingress \
                    prio 1 chain 2 proto ip \
                                flower tcp ct_state +trk+est \
                                action mirred egress redirect dev dev2

Thanks,
Paul

Paul Blakey (10):
  match: Add match_set_ct_zone_masked helper
  compat: Add tc ct action and flower matches defines for older kernels
  tc: Introduce tcf_id to specify a tc filter
  netdev-offload-tc: Implement netdev tc flush via tc filter del
  dpif: Add support to set user features
  tc: Move tunnel_key unset action before output ports
  netdev-offload-tc: Add recirculation support via tc chains
  netdev-offload-tc: Add conntrack support
  netdev-offload-tc: Add conntrack label and mark support
  netdev-offload-tc: Add conntrack nat support

 datapath/linux/compat/include/linux/openvswitch.h |   3 +
 include/linux/automake.mk                         |   3 +-
 include/linux/pkt_cls.h                           |  46 +-
 include/linux/tc_act/tc_ct.h                      |  41 ++
 include/openvswitch/match.h                       |   2 +
 lib/dpif-netdev.c                                 |   1 +
 lib/dpif-netlink.c                                |  63 ++-
 lib/dpif-provider.h                               |   2 +
 lib/dpif.c                                        |   9 +
 lib/dpif.h                                        |   2 +
 lib/match.c                                       |  10 +-
 lib/netdev-linux.c                                |   6 +-
 lib/netdev-offload-tc.c                           | 607 +++++++++++++++-------
 lib/netdev-offload.h                              |   3 +
 lib/tc.c                                          | 448 ++++++++++++----
 lib/tc.h                                          | 112 +++-
 16 files changed, 1070 insertions(+), 288 deletions(-)
 create mode 100644 include/linux/tc_act/tc_ct.h
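
The match and action mapping described in the cover letter above, as an added example (not part of the original post and not OVS code). The port map from datapath port `4` to `dev2` and the eth_type table are assumptions; the output carries no `tcp` token because the datapath rules shown have no L4 match.

```python
import re

# Assumptions, not from OVS: datapath port number -> netdev name, and the
# eth_type -> tc "proto" names. "4" -> dev2 is inferred from the tc commands.
PORT_TO_DEV = {"4": "dev2"}
ETH_TYPES = {"0x0800": "ip", "0x86dd": "ipv6"}


def parse_flow(flow):
    """Split 'k(v),k(v) actions:a,b' into (match dict, action list)."""
    match_part, _, action_part = flow.partition(" actions:")
    matches = dict(re.findall(r"(\w+)\(([^)]*)\)", match_part))
    actions = re.findall(r"\w+(?:\([^)]*\))?", action_part)
    return matches, actions


def to_tc(flow, prio=1):
    """Render one datapath rule as the equivalent tc filter command."""
    matches, actions = parse_flow(flow)
    cmd = ["tc", "filter", "add", "dev", matches["in_port"], "ingress",
           "prio", str(prio),
           "chain", matches.get("recirc_id", "0"),   # recirc_id() -> chain
           "proto", ETH_TYPES[matches["eth_type"]], "flower"]
    if "ct_state" in matches:                        # ct_state() -> ct_state
        cmd += ["ct_state", matches["ct_state"]]
    for act in actions:
        name, arg = re.fullmatch(r"(\w+)(?:\(([^)]*)\))?", act).groups()
        if name == "ct" and not arg:                 # ct() -> action ct
            cmd += ["action", "ct", "pipe"]
        elif name == "recirc" and arg:               # recirc(N) -> goto chain N
            cmd += ["action", "goto", "chain", arg]
        elif name.isdigit() and name in PORT_TO_DEV:  # output port -> mirred
            cmd += ["action", "mirred", "egress", "redirect",
                    "dev", PORT_TO_DEV[name]]
        else:
            # Refuse anything this sketch cannot express, rather than emit a
            # filter that silently drops part of the conntrack policy.
            raise ValueError(f"cannot translate action: {act}")
    return " ".join(cmd)


# The two datapath rules quoted in the cover letter.
FLOWS = [
    "recirc_id(0),in_port(dev1),eth_type(0x0800),ct_state(-trk) actions:ct(),recirc(2)",
    "recirc_id(2),in_port(dev1),eth_type(0x0800),ct_state(+trk+est) actions:4",
]

if __name__ == "__main__":
    for f in FLOWS:
        print(to_tc(f))
```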

Comments

Simon Horman Jan. 3, 2020, 7:32 a.m. UTC | #1
On Sun, Dec 22, 2019 at 12:16:33PM +0200, Paul Blakey wrote:
> The following patchset introduces hardware offload of OVS connection
> tracking datapath rules.
> 
> OVS uses ct() and recirc() (recirculation) actions and recirc_id()/ct_state()
> matches to support connection tracking.
> 
> The datapath rules are in the form of:
> 
> recirc_id(0),in_port(dev1),eth_type(0x0800),ct_state(-trk) actions:ct(),recirc(2)
> recirc_id(2),in_port(dev1),eth_type(0x0800),ct_state(+trk+est) actions:4
> 
> This patchset will translate ct_state() and recirc_id() matches to tc 
> ct_state and chain matches respectively. The datapath actions ct() and recirc()
> will be translated to tc actions ct and goto chain respectively.
> 
> The tc equivalent commands for the above rules are:
> 
> $ tc filter add dev dev1 ingress \
>                     prio 1 chain 0 proto ip \
>                                 flower tcp ct_state -trk \
>                                 action ct pipe \
>                                 action goto chain 2
>                                 
> $ tc filter add dev dev1 ingress \
>                     prio 1 chain 2 proto ip \
>                                 flower tcp ct_state +trk+est \
>                                 action mirred egress redirect dev dev2
> 

Hi Paul,

Happy New Year!

Thanks for persisting with this series.

I was waiting to see if there was further review and I waited longer
than I might have otherwise due to the end-of-year holiday season.
Perhaps I did not wait long enough but I do think this series looks good.
And the delta between recent versions has been quite small. So I think
that any further feedback can be addressed by follow-up patches.

I have applied this series to master.

> Thanks,
> Paul
> 
> Paul Blakey (10):
>   match: Add match_set_ct_zone_masked helper
>   compat: Add tc ct action and flower matches defines for older kernels
>   tc: Introduce tcf_id to specify a tc filter
>   netdev-offload-tc: Implement netdev tc flush via tc filter del
>   dpif: Add support to set user features
>   tc: Move tunnel_key unset action before output ports
>   netdev-offload-tc: Add recirculation support via tc chains
>   netdev-offload-tc: Add conntrack support
>   netdev-offload-tc: Add conntrack label and mark support
>   netdev-offload-tc: Add conntrack nat support
> 
>  datapath/linux/compat/include/linux/openvswitch.h |   3 +
>  include/linux/automake.mk                         |   3 +-
>  include/linux/pkt_cls.h                           |  46 +-
>  include/linux/tc_act/tc_ct.h                      |  41 ++
>  include/openvswitch/match.h                       |   2 +
>  lib/dpif-netdev.c                                 |   1 +
>  lib/dpif-netlink.c                                |  63 ++-
>  lib/dpif-provider.h                               |   2 +
>  lib/dpif.c                                        |   9 +
>  lib/dpif.h                                        |   2 +
>  lib/match.c                                       |  10 +-
>  lib/netdev-linux.c                                |   6 +-
>  lib/netdev-offload-tc.c                           | 607 +++++++++++++++-------
>  lib/netdev-offload.h                              |   3 +
>  lib/tc.c                                          | 448 ++++++++++++----
>  lib/tc.h                                          | 112 +++-
>  16 files changed, 1070 insertions(+), 288 deletions(-)
>  create mode 100644 include/linux/tc_act/tc_ct.h
> 
> -- 
> 1.8.3.1
>

Paul Blakey Jan. 5, 2020, 8:57 a.m. UTC | #2
On 1/3/2020 9:32 AM, Simon Horman wrote:
> On Sun, Dec 22, 2019 at 12:16:33PM +0200, Paul Blakey wrote:
>> The following patchset introduces hardware offload of OVS connection
>> tracking datapath rules.
>>
>> OVS uses ct() and recirc() (recirculation) actions and recirc_id()/ct_state()
>> matches to support connection tracking.
>>
>> The datapath rules are in the form of:
>>
>> recirc_id(0),in_port(dev1),eth_type(0x0800),ct_state(-trk) actions:ct(),recirc(2)
>> recirc_id(2),in_port(dev1),eth_type(0x0800),ct_state(+trk+est) actions:4
>>
>> This patchset will translate ct_state() and recirc_id() matches to tc
>> ct_state and chain matches respectively. The datapath actions ct() and recirc()
>> will be translated to tc actions ct and goto chain respectively.
>>
>> The tc equivalent commands for the above rules are:
>>
>> $ tc filter add dev dev1 ingress \
>>                      prio 1 chain 0 proto ip \
>>                                  flower tcp ct_state -trk \
>>                                  action ct pipe \
>>                                  action goto chain 2
>>                                  
>> $ tc filter add dev dev1 ingress \
>>                      prio 1 chain 2 proto ip \
>>                                  flower tcp ct_state +trk+est \
>>                                  action mirred egress redirect dev dev2
>>
> Hi Paul,
>
> Happy New Year!
>
> Thanks for persisting with this series.
>
> I was waiting to see if there was further review and I waited longer
> than I might have otherwise due to the end-of-year holiday season.
> Perhaps I did not wait long enough but I do think this series looks good.
> And the delta between recent versions has been quite small. So I think
> that any further feedback can be addressed by follow-up patches.
>
> I have applied this series to master.


Hi,

Happy new year :)

Thanks for merging.

Paul.



>
>> Thanks,
>> Paul
>>
>> Paul Blakey (10):
>>    match: Add match_set_ct_zone_masked helper
>>    compat: Add tc ct action and flower matches defines for older kernels
>>    tc: Introduce tcf_id to specify a tc filter
>>    netdev-offload-tc: Implement netdev tc flush via tc filter del
>>    dpif: Add support to set user features
>>    tc: Move tunnel_key unset action before output ports
>>    netdev-offload-tc: Add recirculation support via tc chains
>>    netdev-offload-tc: Add conntrack support
>>    netdev-offload-tc: Add conntrack label and mark support
>>    netdev-offload-tc: Add conntrack nat support
>>
>>   datapath/linux/compat/include/linux/openvswitch.h |   3 +
>>   include/linux/automake.mk                         |   3 +-
>>   include/linux/pkt_cls.h                           |  46 +-
>>   include/linux/tc_act/tc_ct.h                      |  41 ++
>>   include/openvswitch/match.h                       |   2 +
>>   lib/dpif-netdev.c                                 |   1 +
>>   lib/dpif-netlink.c                                |  63 ++-
>>   lib/dpif-provider.h                               |   2 +
>>   lib/dpif.c                                        |   9 +
>>   lib/dpif.h                                        |   2 +
>>   lib/match.c                                       |  10 +-
>>   lib/netdev-linux.c                                |   6 +-
>>   lib/netdev-offload-tc.c                           | 607 +++++++++++++++-------
>>   lib/netdev-offload.h                              |   3 +
>>   lib/tc.c                                          | 448 ++++++++++++----
>>   lib/tc.h                                          | 112 +++-
>>   16 files changed, 1070 insertions(+), 288 deletions(-)
>>   create mode 100644 include/linux/tc_act/tc_ct.h
>>
>> -- 
>> 1.8.3.1
>>