
[net-next,iproute2,v2,0/3] net/sched: Introduce tc connection tracking

Message ID 1562832867-32347-1-git-send-email-paulb@mellanox.com

Message

Paul Blakey July 11, 2019, 8:14 a.m. UTC
Hi,

This patch series adds connection tracking capabilities in tc.
It does so via a new tc action, called act_ct, and new tc flower classifier matching.
Act ct and relevant flower matches are still under review in the net-next mailing list.

Usage is as follows:
$ tc qdisc add dev ens1f0_0 ingress
$ tc qdisc add dev ens1f0_1 ingress

$ tc filter add dev ens1f0_0 ingress \
  prio 1 chain 0 proto ip \
  flower ip_proto tcp ct_state -trk \
  action ct zone 2 pipe \
  action goto chain 2
$ tc filter add dev ens1f0_0 ingress \
  prio 1 chain 2 proto ip \
  flower ct_state +trk+new \
  action ct zone 2 commit mark 0xbb nat src addr 5.5.5.7 pipe \
  action mirred egress redirect dev ens1f0_1
$ tc filter add dev ens1f0_0 ingress \
  prio 1 chain 2 proto ip \
  flower ct_zone 2 ct_mark 0xbb ct_state +trk+est \
  action ct nat pipe \
  action mirred egress redirect dev ens1f0_1

$ tc filter add dev ens1f0_1 ingress \
  prio 1 chain 0 proto ip \
  flower ip_proto tcp ct_state -trk \
  action ct zone 2 pipe \
  action goto chain 1
$ tc filter add dev ens1f0_1 ingress \
  prio 1 chain 1 proto ip \
  flower ct_zone 2 ct_mark 0xbb ct_state +trk+est \
  action ct nat pipe \
  action mirred egress redirect dev ens1f0_0

Changelog:
V1->V2:
	Removed pkt_cls changes (as it was merged already)

Paul Blakey (3):
  tc: add NLA_F_NESTED flag to all actions options nested block
  tc: Introduce tc ct action
  tc: flower: Add matching on conntrack info

 include/uapi/linux/tc_act/tc_ct.h |  41 ++++
 man/man8/tc-flower.8              |  35 +++
 tc/Makefile                       |   1 +
 tc/f_flower.c                     | 276 ++++++++++++++++++++-
 tc/m_action.c                     |   3 +-
 tc/m_ct.c                         | 497 ++++++++++++++++++++++++++++++++++++++
 tc/tc_util.c                      |  44 ++++
 tc/tc_util.h                      |   4 +
 8 files changed, 899 insertions(+), 2 deletions(-)
 create mode 100644 include/uapi/linux/tc_act/tc_ct.h
 create mode 100644 tc/m_ct.c
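
How the ct_state expressions in the usage above select packets, as an added example that is not part of the original posting or of iproute2's code: each expression becomes a value/mask pair that is compared against the packet's conntrack state bits. The bit values are those of TCA_FLOWER_KEY_CT_FLAGS_* in the kernel's linux/pkt_cls.h; the short names, functions and struct are hypothetical, and rejecting a repeated flag is this example's choice.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same bit values as TCA_FLOWER_KEY_CT_FLAGS_* (names shortened for the example). */
enum { CT_NEW = 1 << 0, CT_EST = 1 << 1, CT_REL = 1 << 2, CT_TRK = 1 << 3 };
struct ct_match { uint16_t value, mask; };

static const struct { const char *name; uint16_t bit; } ct_names[] = {
    { "new", CT_NEW }, { "est", CT_EST }, { "rel", CT_REL }, { "trk", CT_TRK },
};

/* Parse "+trk+new" or "-trk": '+' means the bit must be set, '-' means it must be clear.
 * Returns 0 on success, -1 on an empty, unsigned, unknown or repeated flag. */
int ct_state_parse(const char *s, struct ct_match *m)
{
    m->value = m->mask = 0;
    if (!*s)
        return -1;
    while (*s) {
        char sign = *s++;
        size_t len = strcspn(s, "+-");
        uint16_t bit = 0;
        if (sign != '+' && sign != '-')
            return -1;
        for (size_t i = 0; i < sizeof(ct_names) / sizeof(ct_names[0]); i++)
            if (strlen(ct_names[i].name) == len && !strncmp(s, ct_names[i].name, len))
                bit = ct_names[i].bit;
        if (!bit || (m->mask & bit))
            return -1;
        m->mask |= bit;
        if (sign == '+')
            m->value |= bit;
        s += len;
    }
    return 0;
}

/* 1 if the state bits satisfy the expression, 0 if not, -1 if the expression is invalid. */
int ct_state_matches(const char *expr, uint16_t pkt_state)
{
    struct ct_match m;
    return ct_state_parse(expr, &m) ? -1 : (pkt_state & m.mask) == m.value;
}

int main(void)
{
    /* Constructed states: untracked, first packet after "action ct", later packet. */
    uint16_t states[] = { 0, CT_TRK | CT_NEW, CT_TRK | CT_EST };
    const char *exprs[] = { "-trk", "+trk+new", "+trk+est" };
    for (int i = 0; i < 3; i++)
        for (int j = 0; j < 3; j++)
            printf("state 0x%x vs %-8s -> %d\n", (unsigned)states[i], exprs[j],
                   ct_state_matches(exprs[j], states[i]));
    return 0;
}
```

Read against the rules above: chain 1 on ens1f0_1 carries only a +trk+est filter, so a packet that conntrack classifies as new on that side matches none of the listed filters, while ens1f0_0 has a +trk+new filter that commits the connection.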

Comments

Paul Blakey July 18, 2019, 3 p.m. UTC | #1
Hey guys,

any more comments?

thanks,

Paul.
Marcelo Ricardo Leitner July 18, 2019, 4:52 p.m. UTC | #2
On Thu, Jul 18, 2019 at 03:00:34PM +0000, Paul Blakey wrote:
> Hey guys,
> 
> any more comments?

From my side, just the man page on tc-ct(8) that is missing.
Everything else seems to be in place.

Thanks,
Marcelo
David Ahern July 18, 2019, 4:58 p.m. UTC | #3
On 7/18/19 10:52 AM, Marcelo Ricardo Leitner wrote:
> On Thu, Jul 18, 2019 at 03:00:34PM +0000, Paul Blakey wrote:
>> Hey guys,
>>
>> any more comments?
> 
> From my side, just the man page on tc-ct(8) that is missing.
> Everything else seems to be in place.
> 
> Thanks,
> Marcelo
> 

Paul: If there are no other comments, I'll push these to iproute2-next
later today. In that case, send the man page as a follow on patch.
David Ahern July 18, 2019, 10:42 p.m. UTC | #4
On 7/11/19 2:14 AM, Paul Blakey wrote:
> Hi,
> 
> This patch series adds connection tracking capabilities in tc.
> It does so via a new tc action, called act_ct, and new tc flower classifier matching.
> Act ct and relevant flower matches are still under review in the net-next mailing list.
> 

...

> 
> Paul Blakey (3):
>   tc: add NLA_F_NESTED flag to all actions options nested block
>   tc: Introduce tc ct action
>   tc: flower: Add matching on conntrack info
> 

applied to iproute2-next. Thanks