From patchwork Mon Dec 16 15:53:11 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul Blakey X-Patchwork-Id: 1210508 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=mellanox.com Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 47c5R55pfMz9sR1 for ; Tue, 17 Dec 2019 02:53:37 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 1696487681; Mon, 16 Dec 2019 15:53:36 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OOf6wqyGwz1T; Mon, 16 Dec 2019 15:53:32 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by whitealder.osuosl.org (Postfix) with ESMTP id 3B7E6875CF; Mon, 16 Dec 2019 15:53:32 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 0D124C1AE8; Mon, 16 Dec 2019 15:53:32 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 755DAC077D for ; Mon, 16 Dec 2019 15:53:30 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 5D408875DB for ; Mon, 16 Dec 2019 15:53:30 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AASZQni754yD for ; Mon, 16 Dec 2019 15:53:29 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mellanox.co.il (mail-il-dmz.mellanox.com [193.47.165.129]) by whitealder.osuosl.org (Postfix) with ESMTP id 4122E875CF for ; Mon, 16 Dec 2019 15:53:29 +0000 (UTC) Received: from Internal Mail-Server by MTLPINE1 (envelope-from paulb@mellanox.com) with ESMTPS (AES256-SHA encrypted); 16 Dec 2019 17:53:25 +0200 Received: from reg-r-vrt-019-180.mtr.labs.mlnx (reg-r-vrt-019-180.mtr.labs.mlnx [10.213.19.180]) by labmailer.mlnx (8.13.8/8.13.8) with ESMTP id xBGFrPbL000698; Mon, 16 Dec 2019 17:53:25 +0200 From: Paul Blakey To: Paul Blakey , Roi Dayan , Simon Horman , Oz Shlomo , Marcelo Ricardo Leitner , Justin Pettit , Ilya Maximets , Ben Pfaff , dev@openvswitch.org Date: Mon, 16 Dec 2019 17:53:11 +0200 Message-Id: <1576511601-12348-1-git-send-email-paulb@mellanox.com> X-Mailer: git-send-email 1.8.4.3 Subject: [ovs-dev] [PATCH v5 00/10] Add support for offloading CT datapath rules to TC X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" The following patchset introduces hardware offload of OVS connection tracking datapath rules. OVS uses ct() and recirc() (recirculation) actions and recirc_id()/ct_state() matches to support connection tracking. The datapath rules are in the form of: recirc_id(0),in_port(dev1),eth_type(0x0800),ct_state(-trk) actions:ct(),recirc(2) recirc_id(2),in_port(dev1),eth_type(0x0800),ct_state(+trk+est) actions:4 This patchset will translate ct_state() and recirc_id() matches to tc ct_state and chain matches respectively. The datapath actions ct() and recirc() will be translated to tc actions ct and goto chain respectively. The tc equivalent commands for the above rules are: $ tc filter add dev dev1 ingress \ prio 1 chain 0 proto ip \ flower tcp ct_state -trk \ action ct pipe \ action goto chain 2 $ tc filter add dev dev1 ingress \ prio 1 chain 2 proto ip \ flower tcp ct_state +trk+est \ action mirred egress redirect dev dev2 Thanks, Paul Paul Blakey (10): match: Add match_set_ct_zone_masked helper compat: Add tc ct action and flower matches defines for older kernels tc: Introduce tcf_id to specify a tc filter netdev-offload-tc: Implement netdev tc flush via tc filter del dpif: Add support to set user features tc: Move tunnel_key unset action before output ports netdev-offload-tc: Add recirculation support via tc chains netdev-offload-tc: Add conntrack support netdev-offload-tc: Add conntrack label and mark support netdev-offload-tc: Add conntrack nat support datapath/linux/compat/include/linux/openvswitch.h | 3 + include/linux/automake.mk | 3 +- include/linux/pkt_cls.h | 46 +- include/linux/tc_act/tc_ct.h | 41 ++ include/openvswitch/match.h | 2 + lib/dpif-netdev.c | 1 + lib/dpif-netlink.c | 70 ++- lib/dpif-provider.h | 2 + lib/dpif.c | 9 + lib/dpif.h | 2 + lib/match.c | 10 +- lib/netdev-linux.c | 6 +- lib/netdev-offload-tc.c | 600 +++++++++++++++------- lib/tc.c | 448 ++++++++++++---- lib/tc.h | 112 +++- 15 files changed, 1067 insertions(+), 288 deletions(-) create mode 100644 include/linux/tc_act/tc_ct.h