[ovs-dev] [PATCH v7 00/10] Add support for offloading CT datapath rules to TC

Simon Horman simon.horman at netronome.com
Fri Jan 3 07:32:14 UTC 2020


On Sun, Dec 22, 2019 at 12:16:33PM +0200, Paul Blakey wrote:
> The following patchset introduces hardware offload of OVS connection
> tracking datapath rules.
> 
> OVS uses ct() and recirc() (recirculation) actions and recirc_id()/ct_state()
> matches to support connection tracking.
> 
> The datapath rules are in the form of:
> 
> recirc_id(0),in_port(dev1),eth_type(0x0800),ct_state(-trk) actions:ct(),recirc(2)
> recirc_id(2),in_port(dev1),eth_type(0x0800),ct_state(+trk+est) actions:4
> 
> This patchset will translate ct_state() and recirc_id() matches to tc 
> ct_state and chain matches respectively. The datapath actions ct() and recirc()
> will be translated to tc actions ct and goto chain respectively.
> 
> The tc equivalent commands for the above rules are:
> 
> $ tc filter add dev dev1 ingress \
>                     prio 1 chain 0 proto ip \
>                                 flower tcp ct_state -trk \
>                                 action ct pipe \
>                                 action goto chain 2
>                                 
> $ tc filter add dev dev1 ingress \
>                     prio 1 chain 2 proto ip \
>                                 flower tcp ct_state +trk+est \
>                                 action mirred egress redirect dev dev2
> 

Hi Paul,

Happy New Year!

Thanks for persisting with this series.

I was waiting to see if there was further review and I waited longer
than I might have otherwise due to the end-of-year holiday season.
Perhaps I did not wait long enough but I do think this series looks good.
And the delta between recent versions has been quite small. So I think
that any further feedback can be addressed by follow-up patches.

I have applied this series to master.

> Thanks,
> Paul
> 
> Paul Blakey (10):
>   match: Add match_set_ct_zone_masked helper
>   compat: Add tc ct action and flower matches defines for older kernels
>   tc: Introduce tcf_id to specify a tc filter
>   netdev-offload-tc: Implement netdev tc flush via tc filter del
>   dpif: Add support to set user features
>   tc: Move tunnel_key unset action before output ports
>   netdev-offload-tc: Add recirculation support via tc chains
>   netdev-offload-tc: Add conntrack support
>   netdev-offload-tc: Add conntrack label and mark support
>   netdev-offload-tc: Add conntrack nat support
> 
>  datapath/linux/compat/include/linux/openvswitch.h |   3 +
>  include/linux/automake.mk                         |   3 +-
>  include/linux/pkt_cls.h                           |  46 +-
>  include/linux/tc_act/tc_ct.h                      |  41 ++
>  include/openvswitch/match.h                       |   2 +
>  lib/dpif-netdev.c                                 |   1 +
>  lib/dpif-netlink.c                                |  63 ++-
>  lib/dpif-provider.h                               |   2 +
>  lib/dpif.c                                        |   9 +
>  lib/dpif.h                                        |   2 +
>  lib/match.c                                       |  10 +-
>  lib/netdev-linux.c                                |   6 +-
>  lib/netdev-offload-tc.c                           | 607 +++++++++++++++-------
>  lib/netdev-offload.h                              |   3 +
>  lib/tc.c                                          | 448 ++++++++++++----
>  lib/tc.h                                          | 112 +++-
>  16 files changed, 1070 insertions(+), 288 deletions(-)
>  create mode 100644 include/linux/tc_act/tc_ct.h
> 
> -- 
> 1.8.3.1
> 


More information about the dev mailing list