[ovs-dev] [PATCH RFC v2 0/8] Introduce connection tracking tc offload

Ilya Maximets i.maximets at samsung.com
Mon Jul 29 13:16:47 UTC 2019


Hi.

This patch-set has some checkpatch issues. It'll be good if you
could fix them before submitting the next version.

Best regards, Ilya Maximets.

On 04.07.2019 17:28, Paul Blakey wrote:
> Hi,
> 
> The following patches add connection tracking offload to tc.
> 
> We plan on offloading the datapath rules to netdev one to one to tc rules.
> We'll be using upcoming act_ct tc module which is currently under review in netdev for the datapath ct() action.
> Tc chains and tc goto chain action for the recirc_id() match and recirc() action.
> cls_flower will do the matching on skb conntrack metadata for the ct_state matches.
> 
> The patchset for act_ct and cls_flower is here: https://lwn.net/Articles/791584/
> 
> So datapath ovs connection tracking rules:
> recirc_id(0),in_port(ens1f0_0),ct_state(-trk),... actions:ct(zone=2),recirc(2)
> recirc_id(2),in_port(ens1f0_0),ct_state(+new+trk),ct_mark(0xbb),... actions:ct(commit,zone=2,nat(src=5.5.5.7),mark=0xbb),ens1f0_1
> recirc_id(2),in_port(ens1f0_0),ct_state(+est+trk),ct_mark(0xbb),... actions:ct(zone=2,nat),ens1f0_1
> 
> recirc_id(1),in_port(ens1f0_1),ct_state(-trk),... actions:ct(zone=2),recirc(1)
> recirc_id(1),in_port(ens1f0_1),ct_state(+est+trk),... actions:ct(zone=2,nat),ens1f0_0
> 
> Will be translated to these:
> $ tc filter add dev ens1f0_0 ingress \
>   prio 1 chain 0 proto ip \
>   flower ip_proto tcp ct_state -trk \
>   action ct zone 2 pipe \
>   action goto chain 2
> $ tc filter add dev ens1f0_0 ingress \
>   prio 1 chain 2 proto ip \
>   flower ct_state +trk+new \
>   action ct zone 2 commit mark 0xbb nat src addr 5.5.5.7 pipe \
>   action mirred egress redirect dev ens1f0_1
> $ tc filter add dev ens1f0_0 ingress \
>   prio 1 chain 2 proto ip \
>   flower ct_zone 2 ct_mark 0xbb ct_state +trk+est \
>   action ct nat pipe \
>   action mirred egress redirect dev ens1f0_1
> 
> $ tc filter add dev ens1f0_1 ingress \
>   prio 1 chain 0 proto ip \
>   flower ip_proto tcp ct_state -trk \
>   action ct zone 2 pipe \
>   action goto chain 1
> $ tc filter add dev ens1f0_1 ingress \
>   prio 1 chain 1 proto ip \
>   flower ct_zone 2 ct_mark 0xbb ct_state +trk+est \
>   action ct nat pipe \
>   action mirred egress redirect dev ens1f0_0
> 
> 
> Changlog:
> V1->V2:
>     Renamed netdev-tc-offloads to netdev-offload-tc (sorry about double email)
> 
> Paul Blakey (8):
>   match: Add match_set_ct_zone_masked helper
>   compat: Add tc ct action and flower matches defines for older kernels
>   tc: Introduce tc_id to specify a tc filter
>   netdev-offload-tc: Implement netdev tc flush via tc filter del
>   netdev-offload-tc: Add recirculation support via tc chains
>   netdev-offload-tc: Add conntrack support
>   netdev-offload-tc: Add conntrack label and mark support
>   netdev-offload-tc: Add conntrack nat support
> 
>  acinclude.m4                 |   6 +-
>  include/linux/automake.mk    |   3 +-
>  include/linux/pkt_cls.h      |  50 +++-
>  include/linux/tc_act/tc_ct.h |  41 +++
>  include/openvswitch/match.h  |   1 +
>  lib/dpif-netlink.c           |   5 +
>  lib/match.c                  |  10 +-
>  lib/netdev-linux.c           |   6 +-
>  lib/netdev-offload-tc.c      | 595 ++++++++++++++++++++++++++++++-------------
>  lib/tc.c                     | 411 ++++++++++++++++++++++++------
>  lib/tc.h                     |  75 +++++-
>  11 files changed, 921 insertions(+), 282 deletions(-)
>  create mode 100644 include/linux/tc_act/tc_ct.h
> 


More information about the dev mailing list