From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netdev@vger.kernel.org
Cc: netfilter-devel@vger.kernel.org, davem@davemloft.net,
thomas.lendacky@amd.com, f.fainelli@gmail.com,
ariel.elior@cavium.com, michael.chan@broadcom.com,
santosh@chelsio.com, madalin.bucur@nxp.com,
yisen.zhuang@huawei.com, salil.mehta@huawei.com,
jeffrey.t.kirsher@intel.com, tariqt@mellanox.com,
saeedm@mellanox.com, jiri@mellanox.com, idosch@mellanox.com,
jakub.kicinski@netronome.com, peppe.cavallaro@st.com,
grygorii.strashko@ti.com, andrew@lunn.ch,
vivien.didelot@savoirfairelinux.com, alexandre.torgue@st.com,
joabreu@synopsys.com, linux-net-drivers@solarflare.com,
ganeshgr@chelsio.com, ogerlitz@mellanox.com,
Manish.Chopra@cavium.com, marcelo.leitner@gmail.com,
mkubecek@suse.cz, venkatkumar.duvvuru@broadcom.com,
cphealy@gmail.com
Subject: [PATCH net-next 00/12] netfilter: add hardware offload infrastructure
Date: Thu, 20 Jun 2019 21:49:05 +0200 [thread overview]
Message-ID: <20190620194917.2298-1-pablo@netfilter.org> (raw)
Hi,
This patchset adds support for Netfilter hardware offloads.
This patchset reuses the existing block infrastructure, the
netdev_ops->ndo_setup_tc() interface, TC_SETUP_CLSFLOWER classifier and
the flow rule API.
Patch #1 moves tcf_block_cb code before the indirect block
infrastructure to avoid forward declarations in the next
patches. This is just a preparation patch.
Patch #2 adds tcf_block_cb_alloc() to allocate flow block callbacks.
Patch #3 adds tcf_block_cb_free() to release flow block callbacks.
Patch #4 adds the tcf_block_setup() infrastructure, which allows drivers
to set up flow block callbacks. This infrastructure transports
these objects via list (through the tc_block_offload object)
back to the core for registration.
CLS_API DRIVER
TC_SETUP_BLOCK ----------> setup flow_block_cb object &
it adds object to flow_block_offload->cb_list
|
CLS_API <-----------------------'
registers list if flow block
flow_block_cb & travels back to
calls ->reoffload the core for registration
Patch #5 extends tcf_block_cb_alloc() to allow drivers to set a release
callback that is invoked from tcf_block_cb_free() to release
private driver block information.
Patch #6 adds tcf_setup_block_offload(), this helper function is used by
most drivers to setup the block, including common bind and
unbind operations.
Patch #7 adapts drivers to use the infrastructure introduced in Patch #4.
Patch #8 stops exposing the tc block structure to drivers, by caching
the only information that drivers need, ie. block is shared
flag.
Patch #9 removes the tcf_block_cb_register() / _unregister()
infrastructure, since it is now unused after Patch #7.
Patch #10 moves the flow_block API to the net/core/flow_offload.c core.
This renames tcf_block_cb to flow_block_cb as well as the
functions to allocate, release, lookup and setup flow block
callbacks.
Patch #11 makes sure that only one flow block callback per device is
possible by now. This means only one of the ethtool / tc /
netfilter subsystems can use hardware offloads, until drivers
are updated to remove this limitation.
Patch #12 introduces basic netfilter hardware offload infrastructure
for the ingress chain. This includes 5-tuple matching and
accept / drop actions. Only basechains are supported at this
stage, no .reoffload callback is implemented either.
Please, apply, thanks.
Pablo Neira Ayuso (12):
net: sched: move tcf_block_cb before indr_block
net: sched: add tcf_block_cb_alloc()
net: sched: add tcf_block_cb_free()
net: sched: add tcf_block_setup()
net: sched: add release callback to struct tcf_block_cb
net: sched: add tcf_setup_block_offload()
net: use tcf_block_setup() infrastructure
net: cls_api: do not expose tcf_block to drivers
net: sched: remove tcf_block_cb_{register,unregister}()
net: flow_offload: add flow_block_cb API
net: flow_offload: don't allow block sharing until drivers support this
netfilter: nf_tables: add hardware offload support
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 26 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_vfr.c | 28 +-
drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 26 +-
drivers/net/ethernet/intel/i40e/i40e_main.c | 26 +-
drivers/net/ethernet/intel/iavf/iavf_main.c | 35 +-
drivers/net/ethernet/intel/igb/igb_main.c | 24 +-
drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 27 +-
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 27 +-
drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 62 ++-
drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 87 ++--
drivers/net/ethernet/mscc/ocelot_ace.h | 4 +-
drivers/net/ethernet/mscc/ocelot_flower.c | 45 +-
drivers/net/ethernet/mscc/ocelot_tc.c | 28 +-
drivers/net/ethernet/netronome/nfp/abm/cls.c | 19 +-
drivers/net/ethernet/netronome/nfp/abm/main.h | 2 +-
drivers/net/ethernet/netronome/nfp/bpf/main.c | 29 +-
.../net/ethernet/netronome/nfp/flower/offload.c | 63 ++-
drivers/net/ethernet/qlogic/qede/qede_main.c | 23 +-
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 22 +-
drivers/net/netdevsim/netdev.c | 26 +-
include/net/flow_offload.h | 52 +++
include/net/netfilter/nf_tables.h | 13 +
include/net/netfilter/nf_tables_offload.h | 76 ++++
include/net/pkt_cls.h | 90 +---
include/uapi/linux/netfilter/nf_tables.h | 2 +
net/core/flow_offload.c | 121 +++++
net/dsa/slave.c | 16 +-
net/netfilter/Makefile | 2 +-
net/netfilter/nf_tables_api.c | 22 +-
net/netfilter/nf_tables_offload.c | 233 ++++++++++
net/netfilter/nft_cmp.c | 53 +++
net/netfilter/nft_immediate.c | 31 ++
net/netfilter/nft_meta.c | 27 ++
net/netfilter/nft_payload.c | 187 ++++++++
net/sched/cls_api.c | 502 ++++++++++-----------
35 files changed, 1305 insertions(+), 751 deletions(-)
create mode 100644 include/net/netfilter/nf_tables_offload.h
create mode 100644 net/netfilter/nf_tables_offload.c
--
2.11.0
next reply other threads:[~2019-06-20 19:49 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-20 19:49 Pablo Neira Ayuso [this message]
2019-06-20 19:49 ` [PATCH net-next 01/12] net: sched: move tcf_block_cb before indr_block Pablo Neira Ayuso
2019-06-20 19:49 ` [PATCH net-next 02/12] net: sched: add tcf_block_cb_alloc() Pablo Neira Ayuso
2019-07-02 19:14 ` Marcelo Ricardo Leitner
2019-06-20 19:49 ` [PATCH net-next 03/12] net: sched: add tcf_block_cb_free() Pablo Neira Ayuso
2019-06-20 19:49 ` [PATCH net-next 04/12] net: sched: add tcf_block_setup() Pablo Neira Ayuso
2019-06-21 17:16 ` Jiri Pirko
2019-06-25 8:31 ` Pablo Neira Ayuso
2019-06-26 12:12 ` Jiri Pirko
2019-06-26 13:16 ` Pablo Neira Ayuso
2019-07-03 10:43 ` Jiri Pirko
2019-06-20 19:49 ` [PATCH net-next 05/12] net: sched: add release callback to struct tcf_block_cb Pablo Neira Ayuso
2019-06-20 19:49 ` [PATCH net-next 06/12] net: sched: add tcf_setup_block_offload() Pablo Neira Ayuso
2019-06-20 19:49 ` [PATCH net-next 07/12] net: use tcf_block_setup() infrastructure Pablo Neira Ayuso
2019-07-02 19:16 ` Marcelo Ricardo Leitner
2019-06-20 19:49 ` [PATCH net-next 08/12] net: cls_api: do not expose tcf_block to drivers Pablo Neira Ayuso
2019-06-21 16:17 ` Jiri Pirko
2019-06-20 19:49 ` [PATCH net-next 09/12] net: sched: remove tcf_block_cb_{register,unregister}() Pablo Neira Ayuso
2019-06-20 19:49 ` [PATCH net-next 10/12] net: flow_offload: add flow_block_cb API Pablo Neira Ayuso
2019-06-21 15:19 ` Jiri Pirko
2019-06-20 19:49 ` [PATCH net-next 11/12] net: flow_offload: don't allow block sharing until drivers support this Pablo Neira Ayuso
2019-06-25 8:16 ` Jiri Pirko
2019-06-25 8:22 ` Pablo Neira Ayuso
2019-06-20 19:49 ` [PATCH net-next 12/12] netfilter: nf_tables: add hardware offload support Pablo Neira Ayuso
2019-06-21 15:16 ` [PATCH net-next 00/12] netfilter: add hardware offload infrastructure Jiri Pirko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190620194917.2298-1-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=Manish.Chopra@cavium.com \
--cc=alexandre.torgue@st.com \
--cc=andrew@lunn.ch \
--cc=ariel.elior@cavium.com \
--cc=cphealy@gmail.com \
--cc=davem@davemloft.net \
--cc=f.fainelli@gmail.com \
--cc=ganeshgr@chelsio.com \
--cc=grygorii.strashko@ti.com \
--cc=idosch@mellanox.com \
--cc=jakub.kicinski@netronome.com \
--cc=jeffrey.t.kirsher@intel.com \
--cc=jiri@mellanox.com \
--cc=joabreu@synopsys.com \
--cc=linux-net-drivers@solarflare.com \
--cc=madalin.bucur@nxp.com \
--cc=marcelo.leitner@gmail.com \
--cc=michael.chan@broadcom.com \
--cc=mkubecek@suse.cz \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=ogerlitz@mellanox.com \
--cc=peppe.cavallaro@st.com \
--cc=saeedm@mellanox.com \
--cc=salil.mehta@huawei.com \
--cc=santosh@chelsio.com \
--cc=tariqt@mellanox.com \
--cc=thomas.lendacky@amd.com \
--cc=venkatkumar.duvvuru@broadcom.com \
--cc=vivien.didelot@savoirfairelinux.com \
--cc=yisen.zhuang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.