On Tue, Dec 03, 2019 at 03:45:24PM +0200, Roi Dayan wrote: > The following patchset introduces hardware offload of OVS connection > tracking datapath rules. > > OVS uses ct() and recirc() (recirculation) actions and recirc_id()/ct_state() > matches to support connection tracking. > > The datapath rules are in the form of: > > recirc_id(0),in_port(dev1),eth_type(0x0800),ct_state(-trk) > actions:ct(),recirc(2) > recirc_id(2),in_port(dev1),eth_type(0x0800),ct_state(+trk+est) actions:4 > > This patchset will translate ct_state() and recirc_id() matches to tc > ct_state and chain matches respectively. The datapath actions ct() and > recirc() > will be translated to tc actions ct and goto chain respectively. > > The tc equivalent commands for the above rules are: > > $ tc filter add dev dev1 ingress \ > prio 1 chain 0 proto ip \ > flower tcp ct_state -trk \ > action ct pipe \ > action goto chain 2 > > $ tc filter add dev dev1 ingress \ > prio 1 chain 2 proto ip \ > flower tcp ct_state +trk+est \ > action mirred egress redirect dev dev2
Hi Roi, I understand that this patchset handles adding rules as described above. But do we also need a patchset to enable offload of NF flowtable, so conntrack entries are offloaded? Kind regards, Simon _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
