On Sun, Dec 22, 2019 at 12:16:33PM +0200, Paul Blakey wrote: > The following patchset introduces hardware offload of OVS connection > tracking datapath rules. > > OVS uses ct() and recirc() (recirculation) actions and recirc_id()/ct_state() > matches to support connection tracking. > > The datapath rules are in the form of: > > recirc_id(0),in_port(dev1),eth_type(0x0800),ct_state(-trk) > actions:ct(),recirc(2) > recirc_id(2),in_port(dev1),eth_type(0x0800),ct_state(+trk+est) actions:4 > > This patchset will translate ct_state() and recirc_id() matches to tc > ct_state and chain matches respectively. The datapath actions ct() and > recirc() > will be translated to tc actions ct and goto chain respectively. > > The tc equivalent commands for the above rules are: > > $ tc filter add dev dev1 ingress \ > prio 1 chain 0 proto ip \ > flower tcp ct_state -trk \ > action ct pipe \ > action goto chain 2 > > $ tc filter add dev dev1 ingress \ > prio 1 chain 2 proto ip \ > flower tcp ct_state +trk+est \ > action mirred egress redirect dev dev2 >
Hi Paul, Happy New Year! Thanks for persisting with this series. I was waiting to see if there was further review and I waited longer than I might have otherwise due to the end-of-year holiday season. Perhaps I did not wait long enough but I do think this series looks good. And the delta between recent versions has been quite small. So I think that any further feedback can be addressed by follow-up patches. I have applied this series to master. > Thanks, > Paul > > Paul Blakey (10): > match: Add match_set_ct_zone_masked helper > compat: Add tc ct action and flower matches defines for older kernels > tc: Introduce tcf_id to specify a tc filter > netdev-offload-tc: Implement netdev tc flush via tc filter del > dpif: Add support to set user features > tc: Move tunnel_key unset action before output ports > netdev-offload-tc: Add recirculation support via tc chains > netdev-offload-tc: Add conntrack support > netdev-offload-tc: Add conntrack label and mark support > netdev-offload-tc: Add conntrack nat support > > datapath/linux/compat/include/linux/openvswitch.h | 3 + > include/linux/automake.mk | 3 +- > include/linux/pkt_cls.h | 46 +- > include/linux/tc_act/tc_ct.h | 41 ++ > include/openvswitch/match.h | 2 + > lib/dpif-netdev.c | 1 + > lib/dpif-netlink.c | 63 ++- > lib/dpif-provider.h | 2 + > lib/dpif.c | 9 + > lib/dpif.h | 2 + > lib/match.c | 10 +- > lib/netdev-linux.c | 6 +- > lib/netdev-offload-tc.c | 607 > +++++++++++++++------- > lib/netdev-offload.h | 3 + > lib/tc.c | 448 ++++++++++++---- > lib/tc.h | 112 +++- > 16 files changed, 1070 insertions(+), 288 deletions(-) > create mode 100644 include/linux/tc_act/tc_ct.h > > -- > 1.8.3.1 > _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
