From: Marcelo Ricardo Leitner <mleitner@redhat.com>
To: Guy Shattah <sguy@mellanox.com>,
	Marcelo Leitner <mleitner@redhat.com>,
	Aaron Conole <aconole@redhat.com>,
	John Hurley <john.hurley@netronome.com>,
	Simon Horman <simon.horman@netronome.com>,
	Justin Pettit <jpettit@ovn.org>,
	Gregory Rose <gvrose8192@gmail.com>,
	Eelco Chaudron <echaudro@redhat.com>,
	Flavio Leitner <fbl@redhat.com>,
	Florian Westphal <fwestpha@redhat.com>,
	Jiri Pirko <jiri@resnulli.us>, Rashid Khan <rkhan@redhat.com>,
	Sushil Kulkarni <sukulkar@redhat.com>,
	Andy Gospodarek <andrew.gospodarek@broadcom.com>,
	Roi Dayan <roid@mellanox.com>,
	Yossi Kuperman <yossiku@mellanox.com>,
	Or Gerlitz <ogerlitz@mellanox.com>,
	Rony Efraim <ronye@mellanox.com>,
	"davem@davemloft.net" <davem@davemloft.net>
Cc: netdev@vger.kernel.org
Subject: [RFC PATCH 0/6] Initial, PoC implementation of sw datapath of tc+CT
Date: Fri, 25 Jan 2019 00:32:29 -0200
Message-ID: <cover.1548285996.git.mleitner@redhat.com>
In-Reply-To: <AM6PR05MB52376C239DEFB7E22700B904BD990@AM6PR05MB5237.eurprd05.prod.outlook.com>

We have been working on the sw datapath of tc+CT. We may not have much
yet, but this should help to shed some light on what is needed,
sw-datapath-wise speaking. Let's grease the wheels!

Some key features are still missing like proper handling of conntrack
labels, indexing all CT entries on a given act_ct action (so that we can
purge them if the action is removed) and properly match on ct_state.

All in all, if anything in there is not aligned with the planning RFC PATCH,
it is because it is still in progress, but feel free to highlight it
anyway.

A LOT more will be needed for handling the offloading.

With these patches, this construction:

./tc filter del dev veth1 ingress
./tc filter add dev veth1 ingress proto ip \
        matchall \
        action ct zone 1 commit \
        action goto chain 100
./tc filter add dev veth1 ingress proto ip chain 100 \
        flower ct_zone 2 \
        action drop
./tc filter add dev veth1 ingress proto ip chain 100 \
        flower ct_zone 1 \
        action drop

works, in the sense that replaying a tcp packet gets dropped by the last
rule on chain 100, while the first one misses it. Regarding the goto
chain used here, yes, that action has to be done within the ct action
(as described in the planning and in the FIXME tag in the 3rd patch).

Marcelo Ricardo Leitner (6):
  flow_dissector: add support for matching on ConnTrack
  net/sched: flower: add support for matching on ConnTrack
  net/sched: add CT action
  net/sched: act_ct: add support for force flag
  net/sched: act_ct: add support for clear flag
  net/sched: act_ct: allow sending a packet through conntrack multiple
    times

 include/net/flow_dissector.h                |  17 +
 include/net/tc_act/tc_ct.h                  |  29 ++
 include/uapi/linux/netfilter/xt_connlabel.h |   5 +
 include/uapi/linux/pkt_cls.h                |   9 +
 include/uapi/linux/tc_act/tc_ct.h           |  38 ++
 net/core/flow_dissector.c                   |  25 ++
 net/sched/Kconfig                           |   6 +
 net/sched/Makefile                          |   1 +
 net/sched/act_ct.c                          | 385 ++++++++++++++++++++
 net/sched/cls_flower.c                      |  33 ++
 10 files changed, 548 insertions(+)
 create mode 100644 include/net/tc_act/tc_ct.h
 create mode 100644 include/uapi/linux/tc_act/tc_ct.h
 create mode 100644 net/sched/act_ct.c

-- 
2.20.1



Thread overview: 21+ messages
2019-01-23 11:29 [RFC] Connection Tracking Offload netdev RFC v1.0, part 1/2: command line + implementation Guy Shattah
2019-01-25  2:32 ` Marcelo Ricardo Leitner [this message]
2019-01-25  2:32   ` [RFC PATCH 1/6] flow_dissector: add support for matching on ConnTrack Marcelo Ricardo Leitner
2019-01-25  2:32   ` [RFC PATCH 2/6] net/sched: flower: " Marcelo Ricardo Leitner
2019-01-25 13:37     ` Simon Horman
2019-01-26 15:52       ` Marcelo Ricardo Leitner
2019-01-28  9:44         ` Simon Horman
2019-01-28 12:55           ` Marcelo Ricardo Leitner
2019-01-28 13:02             ` Florian Westphal
2019-01-25  2:32   ` [RFC PATCH 3/6] net/sched: add CT action Marcelo Ricardo Leitner
2019-01-25  2:32   ` [RFC PATCH 4/6] net/sched: act_ct: add support for force flag Marcelo Ricardo Leitner
2019-01-25  2:32   ` [RFC PATCH 5/6] net/sched: act_ct: add support for clear flag Marcelo Ricardo Leitner
2019-01-25  2:32   ` [RFC PATCH 6/6] net/sched: act_ct: allow sending a packet through conntrack multiple times Marcelo Ricardo Leitner
2019-01-25  2:33   ` [RFC PATCH iproute2 0/5] Initial, PoC implementation of sw datapath of tc+CT Marcelo Ricardo Leitner
2019-01-25  2:33     ` [RFC PATCH iproute2 1/5] flower: add support for CT fields Marcelo Ricardo Leitner
2019-01-25  2:33     ` [RFC PATCH iproute2 2/5] act_ct: first import Marcelo Ricardo Leitner
2019-02-05 22:56       ` Stephen Hemminger
2019-02-06  0:09         ` Marcelo Ricardo Leitner
2019-01-25  2:33     ` [RFC PATCH iproute2 3/5] act_ct: add support for commit flag Marcelo Ricardo Leitner
2019-01-25  2:33     ` [RFC PATCH iproute2 4/5] act/ct: add support for force flag Marcelo Ricardo Leitner
2019-01-25  2:33     ` [RFC PATCH iproute2 5/5] act/ct: add support for clear flag Marcelo Ricardo Leitner
