From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netdev@vger.kernel.org
Cc: netfilter-devel@vger.kernel.org, davem@davemloft.net,
thomas.lendacky@amd.com, f.fainelli@gmail.com,
ariel.elior@cavium.com, michael.chan@broadcom.com,
santosh@chelsio.com, madalin.bucur@nxp.com,
yisen.zhuang@huawei.com, salil.mehta@huawei.com,
jeffrey.t.kirsher@intel.com, tariqt@mellanox.com,
saeedm@mellanox.com, jiri@mellanox.com, idosch@mellanox.com,
jakub.kicinski@netronome.com, peppe.cavallaro@st.com,
grygorii.strashko@ti.com, andrew@lunn.ch,
vivien.didelot@savoirfairelinux.com, alexandre.torgue@st.com,
joabreu@synopsys.com, linux-net-drivers@solarflare.com,
ganeshgr@chelsio.com, ogerlitz@mellanox.com,
Manish.Chopra@cavium.com, marcelo.leitner@gmail.com,
mkubecek@suse.cz, venkatkumar.duvvuru@broadcom.com,
cphealy@gmail.com
Subject: [PATCH net-next 00/12] netfilter: add hardware offload infrastructure
Date: Thu, 20 Jun 2019 21:49:05 +0200 [thread overview]
Message-ID: <20190620194917.2298-1-pablo@netfilter.org> (raw)
Hi,
This patchset adds support for Netfilter hardware offloads.
This patchset reuses the existing block infrastructure, the
netdev_ops->ndo_setup_tc() interface, TC_SETUP_CLSFLOWER classifier and
the flow rule API.
Patch #1 moves tcf_block_cb code before the indirect block
infrastructure to avoid forward declarations in the next
patches. This is just a preparation patch.
Patch #2 adds tcf_block_cb_alloc() to allocate flow block callbacks.
Patch #3 adds tcf_block_cb_free() to release flow block callbacks.
Patch #4 adds the tcf_block_setup() infrastructure, which allows drivers
to set up flow block callbacks. This infrastructure transports
these objects via list (through the tc_block_offload object)
back to the core for registration.
CLS_API DRIVER
TC_SETUP_BLOCK ----------> setup flow_block_cb object &
it adds object to flow_block_offload->cb_list
|
CLS_API <-----------------------'
registers list if flow block
flow_block_cb & travels back to
calls ->reoffload the core for registration
Patch #5 extends tcf_block_cb_alloc() to allow drivers to set a release
callback that is invoked from tcf_block_cb_free() to release
private driver block information.
Patch #6 adds tcf_setup_block_offload(), this helper function is used by
most drivers to setup the block, including common bind and
unbind operations.
Patch #7 adapts drivers to use the infrastructure introduced in Patch #4.
Patch #8 stops exposing the tc block structure to drivers, by caching
the only information that drivers need, ie. block is shared
flag.
Patch #9 removes the tcf_block_cb_register() / _unregister()
infrastructure, since it is now unused after Patch #7.
Patch #10 moves the flow_block API to the net/core/flow_offload.c core.
This renames tcf_block_cb to flow_block_cb as well as the
functions to allocate, release, lookup and setup flow block
callbacks.
Patch #11 makes sure that only one flow block callback per device is
possible by now. This means only one of the ethtool / tc /
netfilter subsystems can use hardware offloads, until drivers
are updated to remove this limitation.
Patch #12 introduces basic netfilter hardware offload infrastructure
for the ingress chain. This includes 5-tuple matching and
accept / drop actions. Only basechains are supported at this
stage, no .reoffload callback is implemented either.
Please, apply, thanks.
Pablo Neira Ayuso (12):
net: sched: move tcf_block_cb before indr_block
net: sched: add tcf_block_cb_alloc()
net: sched: add tcf_block_cb_free()
net: sched: add tcf_block_setup()
net: sched: add release callback to struct tcf_block_cb
net: sched: add tcf_setup_block_offload()
net: use tcf_block_setup() infrastructure
net: cls_api: do not expose tcf_block to drivers
net: sched: remove tcf_block_cb_{register,unregister}()
net: flow_offload: add flow_block_cb API
net: flow_offload: don't allow block sharing until drivers support this
netfilter: nf_tables: add hardware offload support
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 26 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_vfr.c | 28 +-
drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 26 +-
drivers/net/ethernet/intel/i40e/i40e_main.c | 26 +-
drivers/net/ethernet/intel/iavf/iavf_main.c | 35 +-
drivers/net/ethernet/intel/igb/igb_main.c | 24 +-
drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 27 +-
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 27 +-
drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 62 ++-
drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 87 ++--
drivers/net/ethernet/mscc/ocelot_ace.h | 4 +-
drivers/net/ethernet/mscc/ocelot_flower.c | 45 +-
drivers/net/ethernet/mscc/ocelot_tc.c | 28 +-
drivers/net/ethernet/netronome/nfp/abm/cls.c | 19 +-
drivers/net/ethernet/netronome/nfp/abm/main.h | 2 +-
drivers/net/ethernet/netronome/nfp/bpf/main.c | 29 +-
.../net/ethernet/netronome/nfp/flower/offload.c | 63 ++-
drivers/net/ethernet/qlogic/qede/qede_main.c | 23 +-
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 22 +-
drivers/net/netdevsim/netdev.c | 26 +-
include/net/flow_offload.h | 52 +++
include/net/netfilter/nf_tables.h | 13 +
include/net/netfilter/nf_tables_offload.h | 76 ++++
include/net/pkt_cls.h | 90 +---
include/uapi/linux/netfilter/nf_tables.h | 2 +
net/core/flow_offload.c | 121 +++++
net/dsa/slave.c | 16 +-
net/netfilter/Makefile | 2 +-
net/netfilter/nf_tables_api.c | 22 +-
net/netfilter/nf_tables_offload.c | 233 ++++++++++
net/netfilter/nft_cmp.c | 53 +++
net/netfilter/nft_immediate.c | 31 ++
net/netfilter/nft_meta.c | 27 ++
net/netfilter/nft_payload.c | 187 ++++++++
net/sched/cls_api.c | 502 ++++++++++-----------
35 files changed, 1305 insertions(+), 751 deletions(-)
create mode 100644 include/net/netfilter/nf_tables_offload.h
create mode 100644 net/netfilter/nf_tables_offload.c
--
2.11.0
next reply other threads:[~2019-06-20 19:49 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-20 19:49 Pablo Neira Ayuso [this message]
2019-06-20 19:49 ` [PATCH net-next 01/12] net: sched: move tcf_block_cb before indr_block Pablo Neira Ayuso
2019-06-20 19:49 ` [PATCH net-next 02/12] net: sched: add tcf_block_cb_alloc() Pablo Neira Ayuso
2019-07-02 19:14 ` Marcelo Ricardo Leitner
2019-06-20 19:49 ` [PATCH net-next 03/12] net: sched: add tcf_block_cb_free() Pablo Neira Ayuso
2019-06-20 19:49 ` [PATCH net-next 04/12] net: sched: add tcf_block_setup() Pablo Neira Ayuso
2019-06-21 17:16 ` Jiri Pirko
2019-06-25 8:31 ` Pablo Neira Ayuso
2019-06-26 12:12 ` Jiri Pirko
2019-06-26 13:16 ` Pablo Neira Ayuso
2019-07-03 10:43 ` Jiri Pirko
2019-06-20 19:49 ` [PATCH net-next 05/12] net: sched: add release callback to struct tcf_block_cb Pablo Neira Ayuso
2019-06-20 19:49 ` [PATCH net-next 06/12] net: sched: add tcf_setup_block_offload() Pablo Neira Ayuso
2019-06-20 19:49 ` [PATCH net-next 07/12] net: use tcf_block_setup() infrastructure Pablo Neira Ayuso
2019-07-02 19:16 ` Marcelo Ricardo Leitner
2019-06-20 19:49 ` [PATCH net-next 08/12] net: cls_api: do not expose tcf_block to drivers Pablo Neira Ayuso
2019-06-21 16:17 ` Jiri Pirko
2019-06-20 19:49 ` [PATCH net-next 09/12] net: sched: remove tcf_block_cb_{register,unregister}() Pablo Neira Ayuso
2019-06-20 19:49 ` [PATCH net-next 10/12] net: flow_offload: add flow_block_cb API Pablo Neira Ayuso
2019-06-21 15:19 ` Jiri Pirko
2019-06-20 19:49 ` [PATCH net-next 11/12] net: flow_offload: don't allow block sharing until drivers support this Pablo Neira Ayuso
2019-06-25 8:16 ` Jiri Pirko
2019-06-25 8:22 ` Pablo Neira Ayuso
2019-06-20 19:49 ` [PATCH net-next 12/12] netfilter: nf_tables: add hardware offload support Pablo Neira Ayuso
2019-06-21 15:16 ` [PATCH net-next 00/12] netfilter: add hardware offload infrastructure Jiri Pirko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190620194917.2298-1-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=Manish.Chopra@cavium.com \
--cc=alexandre.torgue@st.com \
--cc=andrew@lunn.ch \
--cc=ariel.elior@cavium.com \
--cc=cphealy@gmail.com \
--cc=davem@davemloft.net \
--cc=f.fainelli@gmail.com \
--cc=ganeshgr@chelsio.com \
--cc=grygorii.strashko@ti.com \
--cc=idosch@mellanox.com \
--cc=jakub.kicinski@netronome.com \
--cc=jeffrey.t.kirsher@intel.com \
--cc=jiri@mellanox.com \
--cc=joabreu@synopsys.com \
--cc=linux-net-drivers@solarflare.com \
--cc=madalin.bucur@nxp.com \
--cc=marcelo.leitner@gmail.com \
--cc=michael.chan@broadcom.com \
--cc=mkubecek@suse.cz \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=ogerlitz@mellanox.com \
--cc=peppe.cavallaro@st.com \
--cc=saeedm@mellanox.com \
--cc=salil.mehta@huawei.com \
--cc=santosh@chelsio.com \
--cc=tariqt@mellanox.com \
--cc=thomas.lendacky@amd.com \
--cc=venkatkumar.duvvuru@broadcom.com \
--cc=vivien.didelot@savoirfairelinux.com \
--cc=yisen.zhuang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).