[ovs-dev] [PATCH v2 00/10] Add support for offloading CT datapath rules to TC

Wed, 27 Nov 2019 04:56:16 -0800 

The following patchset introduces hardware offload of OVS connection
tracking datapath rules.

OVS uses ct() and recirc() (recirculation) actions and recirc_id()/ct_state()
matches to support connection tracking.

The datapath rules are in the form of:

recirc_id(0),in_port(dev1),eth_type(0x0800),ct_state(-trk) 
actions:ct(),recirc(2)
recirc_id(2),in_port(dev1),eth_type(0x0800),ct_state(+trk+est) actions:4

This patchset will translate ct_state() and recirc_id() matches to tc 
ct_state and chain matches respectively. The datapath actions ct() and recirc()
will be translated to tc actions ct and goto chain respectively.

The tc equivalent commands for the above rules are:

$ tc filter add dev dev1 ingress \
                    prio 1 chain 0 proto ip \
                                flower tcp ct_state -trk \
                                action ct pipe \
                                action goto chain 2
                                
$ tc filter add dev dev1 ingress \
                    prio 1 chain 2 proto ip \
                                flower tcp ct_state +trk+est \
                                action mirred egress redirect dev dev2

Thanks,
Roi

Paul Blakey (10):
  match: Add match_set_ct_zone_masked helper
  compat: Add tc ct action and flower matches defines for older kernels
  tc: Introduce tc_id to specify a tc filter
  netdev-offload-tc: Implement netdev tc flush via tc filter del
  netdev-offload-tc: Add recirculation support via tc chains
  netdev-offload-tc: Add conntrack support
  netdev-offload-tc: Add conntrack label and mark support
  netdev-offload-tc: Add conntrack nat support
  tc: Move tunnel_key unset action before output ports
  netdev-offloads-tc: Probe recirc tc sharing feature on first recirc_id
    rule

 datapath/linux/compat/include/linux/openvswitch.h |   3 +
 include/linux/automake.mk                         |   3 +-
 include/linux/pkt_cls.h                           |  46 +-
 include/linux/tc_act/tc_ct.h                      |  41 ++
 include/openvswitch/match.h                       |   2 +
 lib/dpif-netdev.c                                 |   1 +
 lib/dpif-netlink.c                                |  64 ++-
 lib/dpif-provider.h                               |   2 +
 lib/dpif.c                                        |   9 +
 lib/dpif.h                                        |   2 +
 lib/match.c                                       |  10 +-
 lib/netdev-linux.c                                |   6 +-
 lib/netdev-offload-tc.c                           | 626 ++++++++++++++++------
 lib/netdev-offload.h                              |   2 +-
 lib/tc.c                                          | 422 ++++++++++++---
 lib/tc.h                                          | 108 +++-
 16 files changed, 1062 insertions(+), 285 deletions(-)
 create mode 100644 include/linux/tc_act/tc_ct.h

-- 
2.8.4

_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Reply via email to