* [PATCH net-next 0/2] net/mlx5e: add nat support in ct_metadata @ 2020-05-28 7:15 wenxu 2020-05-28 7:15 ` [PATCH net-next 1/2] net/sched: act_ct: add nat attribute " wenxu ` (2 more replies) 0 siblings, 3 replies; 7+ messages in thread From: wenxu @ 2020-05-28 7:15 UTC (permalink / raw) To: paulb, saeedm; +Cc: netdev From: wenxu <wenxu@ucloud.cn> Currently all the conntrack entry offfload rules will be add in both ct and ct_nat flow table in the mlx5e driver. It is not makesense. This serise provide nat attribute in the ct_metadata action which tell driver the rule should add to ct or ct_nat flow table wenxu (2): net/sched: act_ct: add nat attribute in ct_metadata net/mlx5e: add ct_metadata.nat support in ct offload drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 34 ++++++++-------------- include/net/flow_offload.h | 1 + net/sched/act_ct.c | 1 + 3 files changed, 14 insertions(+), 22 deletions(-) -- 1.8.3.1 ^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH net-next 1/2] net/sched: act_ct: add nat attribute in ct_metadata 2020-05-28 7:15 [PATCH net-next 0/2] net/mlx5e: add nat support in ct_metadata wenxu @ 2020-05-28 7:15 ` wenxu 2020-05-28 7:15 ` [PATCH net-next 2/2] net/mlx5e: add ct_metadata.nat support in ct offload wenxu 2020-05-28 11:35 ` [PATCH net-next 0/2] net/mlx5e: add nat support in ct_metadata Edward Cree 2 siblings, 0 replies; 7+ messages in thread From: wenxu @ 2020-05-28 7:15 UTC (permalink / raw) To: paulb, saeedm; +Cc: netdev From: wenxu <wenxu@ucloud.cn> Add nat attribute in the ct_metadata action. This tell driver the offload conntrack entry is nat one or not. Signed-off-by: wenxu <wenxu@ucloud.cn> --- include/net/flow_offload.h | 1 + net/sched/act_ct.c | 1 + 2 files changed, 2 insertions(+) diff --git a/include/net/flow_offload.h b/include/net/flow_offload.h index 95d6337..e3f09dd 100644 --- a/include/net/flow_offload.h +++ b/include/net/flow_offload.h @@ -244,6 +244,7 @@ struct flow_action_entry { unsigned long cookie; u32 mark; u32 labels[4]; + bool nat; } ct_metadata; struct { /* FLOW_ACTION_MPLS_PUSH */ u32 label; diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c index 9adff83..f70ab543 100644 --- a/net/sched/act_ct.c +++ b/net/sched/act_ct.c @@ -183,6 +183,7 @@ static void tcf_ct_flow_table_add_action_meta(struct nf_conn *ct, IP_CT_ESTABLISHED_REPLY; /* aligns with the CT reference on the SKB nf_ct_set */ entry->ct_metadata.cookie = (unsigned long)ct | ctinfo; + entry->ct_metadata.nat = ct->status & IPS_NAT_MASK; act_ct_labels = entry->ct_metadata.labels; ct_labels = nf_ct_labels_find(ct); -- 1.8.3.1 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH net-next 2/2] net/mlx5e: add ct_metadata.nat support in ct offload 2020-05-28 7:15 [PATCH net-next 0/2] net/mlx5e: add nat support in ct_metadata wenxu 2020-05-28 7:15 ` [PATCH net-next 1/2] net/sched: act_ct: add nat attribute " wenxu @ 2020-05-28 7:15 ` wenxu 2020-05-31 8:01 ` Oz Shlomo 2020-05-28 11:35 ` [PATCH net-next 0/2] net/mlx5e: add nat support in ct_metadata Edward Cree 2 siblings, 1 reply; 7+ messages in thread From: wenxu @ 2020-05-28 7:15 UTC (permalink / raw) To: paulb, saeedm; +Cc: netdev From: wenxu <wenxu@ucloud.cn> In the ct offload all the conntrack entry offload rules will be add to both ct ft and ct_nat ft twice. It is not makesense. The ct_metadat.nat will tell driver the rule should add to ct or ct_nat flow table Signed-off-by: wenxu <wenxu@ucloud.cn> --- drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 34 ++++++++-------------- 1 file changed, 12 insertions(+), 22 deletions(-) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c index 995b2ef..02ecd24 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c @@ -88,7 +88,7 @@ struct mlx5_ct_entry { struct mlx5_fc *counter; unsigned long cookie; unsigned long restore_cookie; - struct mlx5_ct_zone_rule zone_rules[2]; + struct mlx5_ct_zone_rule zone_rule; }; static const struct rhashtable_params cts_ht_params = { @@ -238,10 +238,9 @@ struct mlx5_ct_entry { static void mlx5_tc_ct_entry_del_rule(struct mlx5_tc_ct_priv *ct_priv, - struct mlx5_ct_entry *entry, - bool nat) + struct mlx5_ct_entry *entry) { - struct mlx5_ct_zone_rule *zone_rule = &entry->zone_rules[nat]; + struct mlx5_ct_zone_rule *zone_rule = &entry->zone_rule; struct mlx5_esw_flow_attr *attr = &zone_rule->attr; struct mlx5_eswitch *esw = ct_priv->esw; @@ -256,8 +255,7 @@ struct mlx5_ct_entry { mlx5_tc_ct_entry_del_rules(struct mlx5_tc_ct_priv *ct_priv, struct mlx5_ct_entry *entry) { - mlx5_tc_ct_entry_del_rule(ct_priv, entry, true); - mlx5_tc_ct_entry_del_rule(ct_priv, entry, false); + mlx5_tc_ct_entry_del_rule(ct_priv, entry); mlx5_fc_destroy(ct_priv->esw->dev, entry->counter); } @@ -493,7 +491,7 @@ struct mlx5_ct_entry { struct mlx5_ct_entry *entry, bool nat) { - struct mlx5_ct_zone_rule *zone_rule = &entry->zone_rules[nat]; + struct mlx5_ct_zone_rule *zone_rule = &entry->zone_rule; struct mlx5_esw_flow_attr *attr = &zone_rule->attr; struct mlx5_eswitch *esw = ct_priv->esw; struct mlx5_flow_spec *spec = NULL; @@ -562,7 +560,8 @@ struct mlx5_ct_entry { static int mlx5_tc_ct_entry_add_rules(struct mlx5_tc_ct_priv *ct_priv, struct flow_rule *flow_rule, - struct mlx5_ct_entry *entry) + struct mlx5_ct_entry *entry, + bool nat) { struct mlx5_eswitch *esw = ct_priv->esw; int err; @@ -574,20 +573,10 @@ struct mlx5_ct_entry { return err; } - err = mlx5_tc_ct_entry_add_rule(ct_priv, flow_rule, entry, false); + err = mlx5_tc_ct_entry_add_rule(ct_priv, flow_rule, entry, nat); if (err) - goto err_orig; - - err = mlx5_tc_ct_entry_add_rule(ct_priv, flow_rule, entry, true); - if (err) - goto err_nat; - - return 0; + mlx5_fc_destroy(esw->dev, entry->counter); -err_nat: - mlx5_tc_ct_entry_del_rule(ct_priv, entry, false); -err_orig: - mlx5_fc_destroy(esw->dev, entry->counter); return err; } @@ -619,7 +608,8 @@ struct mlx5_ct_entry { entry->cookie = flow->cookie; entry->restore_cookie = meta_action->ct_metadata.cookie; - err = mlx5_tc_ct_entry_add_rules(ct_priv, flow_rule, entry); + err = mlx5_tc_ct_entry_add_rules(ct_priv, flow_rule, entry, + meta_action->ct_metadata.nat); if (err) goto err_rules; @@ -1620,7 +1610,7 @@ struct mlx5_flow_handle * return false; entry = container_of(zone_rule, struct mlx5_ct_entry, - zone_rules[zone_rule->nat]); + zone_rule); tcf_ct_flow_table_restore_skb(skb, entry->restore_cookie); return true; -- 1.8.3.1 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH net-next 2/2] net/mlx5e: add ct_metadata.nat support in ct offload 2020-05-28 7:15 ` [PATCH net-next 2/2] net/mlx5e: add ct_metadata.nat support in ct offload wenxu @ 2020-05-31 8:01 ` Oz Shlomo 2020-06-01 3:11 ` wenxu 0 siblings, 1 reply; 7+ messages in thread From: Oz Shlomo @ 2020-05-31 8:01 UTC (permalink / raw) To: wenxu, paulb, saeedm; +Cc: netdev Hi Wenxu, On 5/28/2020 10:15 AM, wenxu@ucloud.cn wrote: > From: wenxu <wenxu@ucloud.cn> > > In the ct offload all the conntrack entry offload rules > will be add to both ct ft and ct_nat ft twice. > It is not makesense. The ct_metadat.nat will tell driver Adding the connection to both tables is required because the user may perform a CT action without NAT even though a NAT entry was allocated when the connection was committed. > the rule should add to ct or ct_nat flow table > > Signed-off-by: wenxu <wenxu@ucloud.cn> > --- > drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 34 ++++++++-------------- > 1 file changed, 12 insertions(+), 22 deletions(-) > > diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c > index 995b2ef..02ecd24 100644 > --- a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c > +++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c > @@ -88,7 +88,7 @@ struct mlx5_ct_entry { > struct mlx5_fc *counter; > unsigned long cookie; > unsigned long restore_cookie; > - struct mlx5_ct_zone_rule zone_rules[2]; > + struct mlx5_ct_zone_rule zone_rule; > }; > > static const struct rhashtable_params cts_ht_params = { > @@ -238,10 +238,9 @@ struct mlx5_ct_entry { > > static void > mlx5_tc_ct_entry_del_rule(struct mlx5_tc_ct_priv *ct_priv, > - struct mlx5_ct_entry *entry, > - bool nat) > + struct mlx5_ct_entry *entry) > { > - struct mlx5_ct_zone_rule *zone_rule = &entry->zone_rules[nat]; > + struct mlx5_ct_zone_rule *zone_rule = &entry->zone_rule; > struct mlx5_esw_flow_attr *attr = &zone_rule->attr; > struct mlx5_eswitch *esw = ct_priv->esw; > > @@ -256,8 +255,7 @@ struct mlx5_ct_entry { > mlx5_tc_ct_entry_del_rules(struct mlx5_tc_ct_priv *ct_priv, > struct mlx5_ct_entry *entry) > { > - mlx5_tc_ct_entry_del_rule(ct_priv, entry, true); > - mlx5_tc_ct_entry_del_rule(ct_priv, entry, false); > + mlx5_tc_ct_entry_del_rule(ct_priv, entry); > > mlx5_fc_destroy(ct_priv->esw->dev, entry->counter); > } > @@ -493,7 +491,7 @@ struct mlx5_ct_entry { > struct mlx5_ct_entry *entry, > bool nat) > { > - struct mlx5_ct_zone_rule *zone_rule = &entry->zone_rules[nat]; > + struct mlx5_ct_zone_rule *zone_rule = &entry->zone_rule; > struct mlx5_esw_flow_attr *attr = &zone_rule->attr; > struct mlx5_eswitch *esw = ct_priv->esw; > struct mlx5_flow_spec *spec = NULL; > @@ -562,7 +560,8 @@ struct mlx5_ct_entry { > static int > mlx5_tc_ct_entry_add_rules(struct mlx5_tc_ct_priv *ct_priv, > struct flow_rule *flow_rule, > - struct mlx5_ct_entry *entry) > + struct mlx5_ct_entry *entry, > + bool nat) > { > struct mlx5_eswitch *esw = ct_priv->esw; > int err; > @@ -574,20 +573,10 @@ struct mlx5_ct_entry { > return err; > } > > - err = mlx5_tc_ct_entry_add_rule(ct_priv, flow_rule, entry, false); > + err = mlx5_tc_ct_entry_add_rule(ct_priv, flow_rule, entry, nat); > if (err) > - goto err_orig; > - > - err = mlx5_tc_ct_entry_add_rule(ct_priv, flow_rule, entry, true); > - if (err) > - goto err_nat; > - > - return 0; > + mlx5_fc_destroy(esw->dev, entry->counter); > > -err_nat: > - mlx5_tc_ct_entry_del_rule(ct_priv, entry, false); > -err_orig: > - mlx5_fc_destroy(esw->dev, entry->counter); > return err; > } > > @@ -619,7 +608,8 @@ struct mlx5_ct_entry { > entry->cookie = flow->cookie; > entry->restore_cookie = meta_action->ct_metadata.cookie; > > - err = mlx5_tc_ct_entry_add_rules(ct_priv, flow_rule, entry); > + err = mlx5_tc_ct_entry_add_rules(ct_priv, flow_rule, entry, > + meta_action->ct_metadata.nat); > if (err) > goto err_rules; > > @@ -1620,7 +1610,7 @@ struct mlx5_flow_handle * > return false; > > entry = container_of(zone_rule, struct mlx5_ct_entry, > - zone_rules[zone_rule->nat]); > + zone_rule); > tcf_ct_flow_table_restore_skb(skb, entry->restore_cookie); > > return true; > ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH net-next 2/2] net/mlx5e: add ct_metadata.nat support in ct offload 2020-05-31 8:01 ` Oz Shlomo @ 2020-06-01 3:11 ` wenxu 0 siblings, 0 replies; 7+ messages in thread From: wenxu @ 2020-06-01 3:11 UTC (permalink / raw) To: Oz Shlomo, paulb, saeedm; +Cc: netdev On 5/31/2020 4:01 PM, Oz Shlomo wrote: > Hi Wenxu, > > On 5/28/2020 10:15 AM, wenxu@ucloud.cn wrote: >> From: wenxu <wenxu@ucloud.cn> >> >> In the ct offload all the conntrack entry offload rules >> will be add to both ct ft and ct_nat ft twice. >> It is not makesense. The ct_metadat.nat will tell driver > > Adding the connection to both tables is required because the user may > perform a CT action without NAT even though a NAT entry was allocated > when the connection was committed. Thanks, understood. But I just wonder what use case for this behavior? > >> the rule should add to ct or ct_nat flow table >> >> Signed-off-by: wenxu <wenxu@ucloud.cn> >> --- >> drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 34 ++++++++-------------- >> 1 file changed, 12 insertions(+), 22 deletions(-) >> >> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c >> index 995b2ef..02ecd24 100644 >> --- a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c >> +++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c >> @@ -88,7 +88,7 @@ struct mlx5_ct_entry { >> struct mlx5_fc *counter; >> unsigned long cookie; >> unsigned long restore_cookie; >> - struct mlx5_ct_zone_rule zone_rules[2]; >> + struct mlx5_ct_zone_rule zone_rule; >> }; >> static const struct rhashtable_params cts_ht_params = { >> @@ -238,10 +238,9 @@ struct mlx5_ct_entry { >> static void >> mlx5_tc_ct_entry_del_rule(struct mlx5_tc_ct_priv *ct_priv, >> - struct mlx5_ct_entry *entry, >> - bool nat) >> + struct mlx5_ct_entry *entry) >> { >> - struct mlx5_ct_zone_rule *zone_rule = &entry->zone_rules[nat]; >> + struct mlx5_ct_zone_rule *zone_rule = &entry->zone_rule; >> struct mlx5_esw_flow_attr *attr = &zone_rule->attr; >> struct mlx5_eswitch *esw = ct_priv->esw; >> @@ -256,8 +255,7 @@ struct mlx5_ct_entry { >> mlx5_tc_ct_entry_del_rules(struct mlx5_tc_ct_priv *ct_priv, >> struct mlx5_ct_entry *entry) >> { >> - mlx5_tc_ct_entry_del_rule(ct_priv, entry, true); >> - mlx5_tc_ct_entry_del_rule(ct_priv, entry, false); >> + mlx5_tc_ct_entry_del_rule(ct_priv, entry); >> mlx5_fc_destroy(ct_priv->esw->dev, entry->counter); >> } >> @@ -493,7 +491,7 @@ struct mlx5_ct_entry { >> struct mlx5_ct_entry *entry, >> bool nat) >> { >> - struct mlx5_ct_zone_rule *zone_rule = &entry->zone_rules[nat]; >> + struct mlx5_ct_zone_rule *zone_rule = &entry->zone_rule; >> struct mlx5_esw_flow_attr *attr = &zone_rule->attr; >> struct mlx5_eswitch *esw = ct_priv->esw; >> struct mlx5_flow_spec *spec = NULL; >> @@ -562,7 +560,8 @@ struct mlx5_ct_entry { >> static int >> mlx5_tc_ct_entry_add_rules(struct mlx5_tc_ct_priv *ct_priv, >> struct flow_rule *flow_rule, >> - struct mlx5_ct_entry *entry) >> + struct mlx5_ct_entry *entry, >> + bool nat) >> { >> struct mlx5_eswitch *esw = ct_priv->esw; >> int err; >> @@ -574,20 +573,10 @@ struct mlx5_ct_entry { >> return err; >> } >> - err = mlx5_tc_ct_entry_add_rule(ct_priv, flow_rule, entry, false); >> + err = mlx5_tc_ct_entry_add_rule(ct_priv, flow_rule, entry, nat); >> if (err) >> - goto err_orig; >> - >> - err = mlx5_tc_ct_entry_add_rule(ct_priv, flow_rule, entry, true); >> - if (err) >> - goto err_nat; >> - >> - return 0; >> + mlx5_fc_destroy(esw->dev, entry->counter); >> -err_nat: >> - mlx5_tc_ct_entry_del_rule(ct_priv, entry, false); >> -err_orig: >> - mlx5_fc_destroy(esw->dev, entry->counter); >> return err; >> } >> @@ -619,7 +608,8 @@ struct mlx5_ct_entry { >> entry->cookie = flow->cookie; >> entry->restore_cookie = meta_action->ct_metadata.cookie; >> - err = mlx5_tc_ct_entry_add_rules(ct_priv, flow_rule, entry); >> + err = mlx5_tc_ct_entry_add_rules(ct_priv, flow_rule, entry, >> + meta_action->ct_metadata.nat); >> if (err) >> goto err_rules; >> @@ -1620,7 +1610,7 @@ struct mlx5_flow_handle * >> return false; >> entry = container_of(zone_rule, struct mlx5_ct_entry, >> - zone_rules[zone_rule->nat]); >> + zone_rule); >> tcf_ct_flow_table_restore_skb(skb, entry->restore_cookie); >> return true; >> > ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH net-next 0/2] net/mlx5e: add nat support in ct_metadata 2020-05-28 7:15 [PATCH net-next 0/2] net/mlx5e: add nat support in ct_metadata wenxu 2020-05-28 7:15 ` [PATCH net-next 1/2] net/sched: act_ct: add nat attribute " wenxu 2020-05-28 7:15 ` [PATCH net-next 2/2] net/mlx5e: add ct_metadata.nat support in ct offload wenxu @ 2020-05-28 11:35 ` Edward Cree 2020-05-29 3:40 ` wenxu 2 siblings, 1 reply; 7+ messages in thread From: Edward Cree @ 2020-05-28 11:35 UTC (permalink / raw) To: wenxu, paulb, saeedm; +Cc: netdev On 28/05/2020 08:15, wenxu@ucloud.cn wrote: > From: wenxu <wenxu@ucloud.cn> > > Currently all the conntrack entry offfload rules will be add > in both ct and ct_nat flow table in the mlx5e driver. It is > not makesense. > > This serise provide nat attribute in the ct_metadata action which > tell driver the rule should add to ct or ct_nat flow table I don't understand why changes to the core are needed. A conntrack entry should be a NAT if and only if it has FLOW_ACTION_MANGLE actions. AIUI this is sufficient information to distinguish NAT from non-NAT conntrack, and there's no need for an additional bool in ct_metadata. But it's possible my understanding is wrong. -ed ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH net-next 0/2] net/mlx5e: add nat support in ct_metadata 2020-05-28 11:35 ` [PATCH net-next 0/2] net/mlx5e: add nat support in ct_metadata Edward Cree @ 2020-05-29 3:40 ` wenxu 0 siblings, 0 replies; 7+ messages in thread From: wenxu @ 2020-05-29 3:40 UTC (permalink / raw) To: Edward Cree, paulb, saeedm; +Cc: netdev On 5/28/2020 7:35 PM, Edward Cree wrote: > On 28/05/2020 08:15, wenxu@ucloud.cn wrote: >> From: wenxu <wenxu@ucloud.cn> >> >> Currently all the conntrack entry offfload rules will be add >> in both ct and ct_nat flow table in the mlx5e driver. It is >> not makesense. >> >> This serise provide nat attribute in the ct_metadata action which >> tell driver the rule should add to ct or ct_nat flow table > I don't understand why changes to the core are needed. > A conntrack entry should be a NAT if and only if it has > FLOW_ACTION_MANGLE actions. AIUI this is sufficient information > to distinguish NAT from non-NAT conntrack, and there's no need > for an additional bool in ct_metadata. > But it's possible my understanding is wrong. Yes, Currently the FLOW_ACTION_MANGLE can distinguish this. But I think the right way to get nat or non-nat conntrack is through the nf_conn->status ? > > -ed > ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2020-06-01 3:12 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-05-28 7:15 [PATCH net-next 0/2] net/mlx5e: add nat support in ct_metadata wenxu 2020-05-28 7:15 ` [PATCH net-next 1/2] net/sched: act_ct: add nat attribute " wenxu 2020-05-28 7:15 ` [PATCH net-next 2/2] net/mlx5e: add ct_metadata.nat support in ct offload wenxu 2020-05-31 8:01 ` Oz Shlomo 2020-06-01 3:11 ` wenxu 2020-05-28 11:35 ` [PATCH net-next 0/2] net/mlx5e: add nat support in ct_metadata Edward Cree 2020-05-29 3:40 ` wenxu
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).