Hi. This patch-set has some checkpatch issues. It'll be good if you could fix them before submitting the next version.
Best regards, Ilya Maximets. On 04.07.2019 17:28, Paul Blakey wrote: > Hi, > > The following patches add connection tracking offload to tc. > > We plan on offloading the datapath rules to netdev one to one to tc rules. > We'll be using upcoming act_ct tc module which is currently under review in > netdev for the datapath ct() action. > Tc chains and tc goto chain action for the recirc_id() match and recirc() > action. > cls_flower will do the matching on skb conntrack metadata for the ct_state > matches. > > The patchset for act_ct and cls_flower is here: > https://lwn.net/Articles/791584/ > > So datapath ovs connection tracking rules: > recirc_id(0),in_port(ens1f0_0),ct_state(-trk),... actions:ct(zone=2),recirc(2) > recirc_id(2),in_port(ens1f0_0),ct_state(+new+trk),ct_mark(0xbb),... > actions:ct(commit,zone=2,nat(src=5.5.5.7),mark=0xbb),ens1f0_1 > recirc_id(2),in_port(ens1f0_0),ct_state(+est+trk),ct_mark(0xbb),... > actions:ct(zone=2,nat),ens1f0_1 > > recirc_id(1),in_port(ens1f0_1),ct_state(-trk),... actions:ct(zone=2),recirc(1) > recirc_id(1),in_port(ens1f0_1),ct_state(+est+trk),... > actions:ct(zone=2,nat),ens1f0_0 > > Will be translated to these: > $ tc filter add dev ens1f0_0 ingress \ > prio 1 chain 0 proto ip \ > flower ip_proto tcp ct_state -trk \ > action ct zone 2 pipe \ > action goto chain 2 > $ tc filter add dev ens1f0_0 ingress \ > prio 1 chain 2 proto ip \ > flower ct_state +trk+new \ > action ct zone 2 commit mark 0xbb nat src addr 5.5.5.7 pipe \ > action mirred egress redirect dev ens1f0_1 > $ tc filter add dev ens1f0_0 ingress \ > prio 1 chain 2 proto ip \ > flower ct_zone 2 ct_mark 0xbb ct_state +trk+est \ > action ct nat pipe \ > action mirred egress redirect dev ens1f0_1 > > $ tc filter add dev ens1f0_1 ingress \ > prio 1 chain 0 proto ip \ > flower ip_proto tcp ct_state -trk \ > action ct zone 2 pipe \ > action goto chain 1 > $ tc filter add dev ens1f0_1 ingress \ > prio 1 chain 1 proto ip \ > flower ct_zone 2 ct_mark 0xbb ct_state +trk+est \ > action ct nat pipe \ > action mirred egress redirect dev ens1f0_0 > > > Changlog: > V1->V2: > Renamed netdev-tc-offloads to netdev-offload-tc (sorry about double email) > > Paul Blakey (8): > match: Add match_set_ct_zone_masked helper > compat: Add tc ct action and flower matches defines for older kernels > tc: Introduce tc_id to specify a tc filter > netdev-offload-tc: Implement netdev tc flush via tc filter del > netdev-offload-tc: Add recirculation support via tc chains > netdev-offload-tc: Add conntrack support > netdev-offload-tc: Add conntrack label and mark support > netdev-offload-tc: Add conntrack nat support > > acinclude.m4 | 6 +- > include/linux/automake.mk | 3 +- > include/linux/pkt_cls.h | 50 +++- > include/linux/tc_act/tc_ct.h | 41 +++ > include/openvswitch/match.h | 1 + > lib/dpif-netlink.c | 5 + > lib/match.c | 10 +- > lib/netdev-linux.c | 6 +- > lib/netdev-offload-tc.c | 595 > ++++++++++++++++++++++++++++++------------- > lib/tc.c | 411 ++++++++++++++++++++++++------ > lib/tc.h | 75 +++++- > 11 files changed, 921 insertions(+), 282 deletions(-) > create mode 100644 include/linux/tc_act/tc_ct.h > _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
