From: Paul Blakey <paulb@mellanox.com>
To: Paul Blakey <paulb@mellanox.com>,
Saeed Mahameed <saeedm@mellanox.com>,
Oz Shlomo <ozsh@mellanox.com>,
Jakub Kicinski <jakub.kicinski@netronome.com>,
Vlad Buslov <vladbu@mellanox.com>,
David Miller <davem@davemloft.net>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
Jiri Pirko <jiri@mellanox.com>, Roi Dayan <roid@mellanox.com>
Subject: [PATCH net-next ct-offload v3 05/15] net/sched: act_ct: Support restoring conntrack info on skbs
Date: Wed, 11 Mar 2020 16:33:48 +0200 [thread overview]
Message-ID: <1583937238-21511-6-git-send-email-paulb@mellanox.com> (raw)
In-Reply-To: <1583937238-21511-1-git-send-email-paulb@mellanox.com>
Provide an API to restore the ct state pointer.
This may be used by drivers to restore the ct state if they
miss in tc chain after they already did the hardware connection
tracking action (ct_metadata action).
For example, consider the following rule on chain 0 that is in_hw,
however chain 1 is not_in_hw:
$ tc filter add dev ... chain 0 ... \
flower ... action ct pipe action goto chain 1
Packets of a flow offloaded (via nf flow table offload) by the driver
hit this rule in hardware, will be marked with the ct metadata action
(mark, label, zone) that does the equivalent of the software ct action,
and when the packet jumps to hardware chain 1, there would be a miss.
CT was already processed in hardware. Therefore, the driver's miss
handling should restore the ct state on the skb, using the provided API,
and continue the packet processing in chain 1.
Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
---
include/net/flow_offload.h | 1 +
include/net/tc_act/tc_ct.h | 7 +++++++
net/sched/act_ct.c | 15 +++++++++++++++
3 files changed, 23 insertions(+)
diff --git a/include/net/flow_offload.h b/include/net/flow_offload.h
index ba43349..a039c90 100644
--- a/include/net/flow_offload.h
+++ b/include/net/flow_offload.h
@@ -227,6 +227,7 @@ struct flow_action_entry {
u16 zone;
} ct;
struct {
+ unsigned long cookie;
u32 mark;
u32 labels[4];
} ct_metadata;
diff --git a/include/net/tc_act/tc_ct.h b/include/net/tc_act/tc_ct.h
index cf3492e..735da59 100644
--- a/include/net/tc_act/tc_ct.h
+++ b/include/net/tc_act/tc_ct.h
@@ -55,6 +55,13 @@ static inline int tcf_ct_action(const struct tc_action *a)
static inline int tcf_ct_action(const struct tc_action *a) { return 0; }
#endif /* CONFIG_NF_CONNTRACK */
+#if IS_ENABLED(CONFIG_NET_ACT_CT)
+void tcf_ct_flow_table_restore_skb(struct sk_buff *skb, unsigned long cookie);
+#else
+static inline void
+tcf_ct_flow_table_restore_skb(struct sk_buff *skb, unsigned long cookie) { }
+#endif
+
static inline bool is_tcf_ct(const struct tc_action *a)
{
#if defined(CONFIG_NET_CLS_ACT) && IS_ENABLED(CONFIG_NF_CONNTRACK)
diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
index 9c522bc..9d6eb145 100644
--- a/net/sched/act_ct.c
+++ b/net/sched/act_ct.c
@@ -170,6 +170,7 @@ static void tcf_ct_flow_table_add_action_meta(struct nf_conn *ct,
{
struct nf_conn_labels *ct_labels;
struct flow_action_entry *entry;
+ enum ip_conntrack_info ctinfo;
u32 *act_ct_labels;
entry = tcf_ct_flow_table_flow_action_get_next(action);
@@ -177,6 +178,10 @@ static void tcf_ct_flow_table_add_action_meta(struct nf_conn *ct,
#if IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)
entry->ct_metadata.mark = ct->mark;
#endif
+ ctinfo = dir == IP_CT_DIR_ORIGINAL ? IP_CT_ESTABLISHED :
+ IP_CT_ESTABLISHED_REPLY;
+ /* aligns with the CT reference on the SKB nf_ct_set */
+ entry->ct_metadata.cookie = (unsigned long)ct | ctinfo;
act_ct_labels = entry->ct_metadata.labels;
ct_labels = nf_ct_labels_find(ct);
@@ -1530,6 +1535,16 @@ static void __exit ct_cleanup_module(void)
destroy_workqueue(act_ct_wq);
}
+void tcf_ct_flow_table_restore_skb(struct sk_buff *skb, unsigned long cookie)
+{
+ enum ip_conntrack_info ctinfo = cookie & NFCT_INFOMASK;
+ struct nf_conn *ct = (struct nf_conn *)(cookie & NFCT_PTRMASK);
+
+ nf_conntrack_get(&ct->ct_general);
+ nf_ct_set(skb, ct, ctinfo);
+}
+EXPORT_SYMBOL_GPL(tcf_ct_flow_table_restore_skb);
+
module_init(ct_init_module);
module_exit(ct_cleanup_module);
MODULE_AUTHOR("Paul Blakey <paulb@mellanox.com>");
--
1.8.3.1
next prev parent reply other threads:[~2020-03-11 14:34 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-11 14:33 [PATCH net-next ct-offload v3 00/15] Introduce connection tracking offload Paul Blakey
2020-03-11 14:33 ` [PATCH net-next ct-offload v3 01/15] net/mlx5: E-Switch, Enable reg c1 loopback when possible Paul Blakey
2020-03-11 14:33 ` [PATCH net-next ct-offload v3 02/15] net/mlx5e: en_rep: Create uplink rep root table after eswitch offloads table Paul Blakey
2020-03-11 14:33 ` [PATCH net-next ct-offload v3 03/15] netfilter: flowtable: Add API for registering to flow table events Paul Blakey
2020-03-11 14:33 ` [PATCH net-next ct-offload v3 04/15] net/sched: act_ct: Instantiate flow table entry actions Paul Blakey
2020-03-11 17:41 ` Edward Cree
2020-03-11 22:27 ` Paul Blakey
2020-03-11 14:33 ` Paul Blakey [this message]
2020-03-12 6:40 ` [PATCH net-next ct-offload v3 05/15] net/sched: act_ct: Support restoring conntrack info on skbs David Miller
2020-03-12 9:33 ` Paul Blakey
2020-03-11 14:33 ` [PATCH net-next ct-offload v3 06/15] net/sched: act_ct: Support refreshing the flow table entries Paul Blakey
2020-03-11 14:33 ` [PATCH net-next ct-offload v3 07/15] net/sched: act_ct: Enable hardware offload of flow table entires Paul Blakey
2020-03-11 14:33 ` [PATCH net-next ct-offload v3 08/15] net/mlx5: E-Switch, Introduce global tables Paul Blakey
2020-03-11 14:33 ` [PATCH net-next ct-offload v3 09/15] net/mlx5: E-Switch, Add support for offloading rules with no in_port Paul Blakey
2020-03-11 14:33 ` [PATCH net-next ct-offload v3 10/15] net/mlx5: E-Switch, Support getting chain mapping Paul Blakey
2020-03-11 14:33 ` [PATCH net-next ct-offload v3 11/15] flow_offload: Add flow_match_ct to get rule ct match Paul Blakey
2020-03-11 14:33 ` [PATCH net-next ct-offload v3 12/15] net/mlx5e: CT: Introduce connection tracking Paul Blakey
2020-03-11 14:33 ` [PATCH net-next ct-offload v3 13/15] net/mlx5e: CT: Offload established flows Paul Blakey
2020-03-11 17:45 ` Edward Cree
2020-03-11 22:29 ` Paul Blakey
2020-03-11 14:33 ` [PATCH net-next ct-offload v3 14/15] net/mlx5e: CT: Handle misses after executing CT action Paul Blakey
2020-03-11 14:33 ` [PATCH net-next ct-offload v3 15/15] net/mlx5e: CT: Support clear action Paul Blakey
2020-03-11 19:13 ` [PATCH net-next ct-offload v3 00/15] Introduce connection tracking offload Marcelo Ricardo Leitner
2020-03-11 22:27 ` Paul Blakey
2020-03-11 22:44 ` Marcelo Ricardo Leitner
2020-03-12 0:01 ` Marcelo Ricardo Leitner
2020-03-12 9:33 ` Paul Blakey
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1583937238-21511-6-git-send-email-paulb@mellanox.com \
--to=paulb@mellanox.com \
--cc=davem@davemloft.net \
--cc=jakub.kicinski@netronome.com \
--cc=jiri@mellanox.com \
--cc=netdev@vger.kernel.org \
--cc=ozsh@mellanox.com \
--cc=roid@mellanox.com \
--cc=saeedm@mellanox.com \
--cc=vladbu@mellanox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.