netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH net-next,v4 00/11] netfilter: add hardware offload infrastructure
@ 2019-07-09 20:55 Pablo Neira Ayuso
  2019-07-09 20:55 ` [PATCH net-next,v4 01/12] net: flow_offload: add flow_block_cb_setup_simple() Pablo Neira Ayuso
                   ` (12 more replies)
  0 siblings, 13 replies; 26+ messages in thread
From: Pablo Neira Ayuso @ 2019-07-09 20:55 UTC (permalink / raw)
  To: netdev
  Cc: davem, thomas.lendacky, f.fainelli, ariel.elior, michael.chan,
	madalin.bucur, yisen.zhuang, salil.mehta, jeffrey.t.kirsher,
	tariqt, saeedm, jiri, idosch, jakub.kicinski, peppe.cavallaro,
	grygorii.strashko, andrew, vivien.didelot, alexandre.torgue,
	joabreu, linux-net-drivers, ogerlitz, Manish.Chopra,
	marcelo.leitner, mkubecek, venkatkumar.duvvuru,
	maxime.chevallier, cphealy, phil, netfilter-devel

Hi,

This patchset adds support for Netfilter hardware offloads.

This patchset reuses the existing block infrastructure, the
netdev_ops->ndo_setup_tc() interface, TC_SETUP_CLSFLOWER classifier and
the flow rule API.

Patch #1 adds flow_block_cb_setup_simple(), most drivers do the same thing
         to set up flow blocks, to reduce the number of changes, consolidate
         codebase. Use _simple() postfix as requested by Jakub Kicinski.
         This new function resides in net/core/flow_offload.c

Patch #2 renames TC_BLOCK_{UN}BIND to FLOW_BLOCK_{UN}BIND.

Patch #3 renames TCF_BLOCK_BINDER_TYPE_* to FLOW_BLOCK_BINDER_TYPE_*.

Patch #4 adds flow_block_cb_alloc() and flow_block_cb_free() helper
         functions, this is the first patch of the flow block API.

Patch #5 adds the helper to deal with list operations in the flow block API.
         This includes flow_block_cb_lookup(), flow_block_cb_add() and
	 flow_block_cb_remove().

Patch #6 adds flow_block_cb_priv(), flow_block_cb_incref() and
         flow_block_cb_decref() which completes the flow block API.

Patch #7 updates the cls_api to use the flow block API from the new
         tcf_block_setup(). This infrastructure transports these objects
         via list (through the tc_block_offload object) back to the core
	 for registration.

            CLS_API                           DRIVER
        TC_SETUP_BLOCK    ---------->  setup flow_block_cb object &
                                 it adds object to flow_block_offload->cb_list
                                                |
            CLS_API     <-----------------------'
           registers                     list with flow blocks
         flow_block_cb &                   travels back to
       calls ->reoffload               the core for registration

         drivers allocate and sets up (configure the blocks), then
	 registration happens from the core (cls_api and netfilter).

Patch #8 updates drivers to use the flow block API.

Patch #9 removes the tcf block callback API, which is replaced by the
         flow block API.

Patch #10 adds the flow_block_cb_is_busy() helper to check if the block
	  is already used by a subsystem. This helper is invoked from
	  drivers. Once drivers are updated to support for multiple
	  subsystems, they can remove this check.

Patch #11 rename tc structure and definitions for the block bind/unbind
	  path.

Patch #12 introduces basic netfilter hardware offload infrastructure
          for the ingress chain. This includes 5-tuple exact matching
          and accept / drop rule actions. Only basechains are supported
          at this stage, no .reoffload callback is implemented either.
          Default policy to "accept" is only supported for now.

        table netdev filter {
                chain ingress {
                        type filter hook ingress device eth0 priority 0; flags offload;

                        ip daddr 192.168.0.10 tcp dport 22 drop
                }
        }

This patchset reuses the existing tcf block callback API and it places it
in the flow block callback API in net/core/flow_offload.c.

This series aims to address Jakub and Jiri's feedback, please see specific
patches in this batch for changelog in this v4.

Please, apply. Thank you very much.

P.S: yes, Phil, I still believe there is a chance.

Pablo Neira Ayuso (12):
  net: flow_offload: add flow_block_cb_setup_simple()
  net: flow_offload: rename TC_BLOCK_{UN}BIND to FLOW_BLOCK_{UN}BIND
  net: flow_offload: rename TCF_BLOCK_BINDER_TYPE_* to FLOW_BLOCK_BINDER_TYPE_*
  net: flow_offload: add flow_block_cb_alloc() and flow_block_cb_free()
  net: flow_offload: add list handling functions
  net: flow_offload: add flow_block_cb_{priv,incref,decref}()
  net: sched: use flow block API
  drivers: net: use flow block API
  net: sched: remove tcf block API
  net: flow_offload: add flow_block_cb_is_busy() and use it
  net: flow_offload: rename tc_cls_flower_offload to flow_cls_offload
  netfilter: nf_tables: add hardware offload support

 drivers/net/ethernet/broadcom/bnxt/bnxt.c          |  27 +--
 drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c       |  18 +-
 drivers/net/ethernet/broadcom/bnxt/bnxt_tc.h       |   4 +-
 drivers/net/ethernet/broadcom/bnxt/bnxt_vfr.c      |  29 +--
 drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c    |  35 +--
 .../net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.c   |  22 +-
 .../net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.h   |   6 +-
 drivers/net/ethernet/intel/i40e/i40e_main.c        |  49 ++--
 drivers/net/ethernet/intel/iavf/iavf_main.c        |  58 ++---
 drivers/net/ethernet/intel/igb/igb_main.c          |  43 ++--
 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c      |  30 +--
 .../net/ethernet/mellanox/mlx5/core/en/tc_tun.c    |   6 +-
 .../net/ethernet/mellanox/mlx5/core/en/tc_tun.h    |   8 +-
 .../ethernet/mellanox/mlx5/core/en/tc_tun_geneve.c |  18 +-
 .../ethernet/mellanox/mlx5/core/en/tc_tun_gre.c    |   4 +-
 .../ethernet/mellanox/mlx5/core/en/tc_tun_vxlan.c  |  10 +-
 drivers/net/ethernet/mellanox/mlx5/core/en_main.c  |  38 +--
 drivers/net/ethernet/mellanox/mlx5/core/en_rep.c   |  94 ++++----
 drivers/net/ethernet/mellanox/mlx5/core/en_tc.c    |  34 +--
 drivers/net/ethernet/mellanox/mlx5/core/en_tc.h    |   6 +-
 drivers/net/ethernet/mellanox/mlxsw/spectrum.c     | 116 +++++----
 drivers/net/ethernet/mellanox/mlxsw/spectrum.h     |  10 +-
 .../net/ethernet/mellanox/mlxsw/spectrum_flower.c  |  34 +--
 drivers/net/ethernet/mscc/ocelot_ace.h             |   4 +-
 drivers/net/ethernet/mscc/ocelot_flower.c          |  70 +++---
 drivers/net/ethernet/mscc/ocelot_tc.c              |  47 ++--
 drivers/net/ethernet/netronome/nfp/abm/cls.c       |  22 +-
 drivers/net/ethernet/netronome/nfp/abm/main.h      |   2 +-
 drivers/net/ethernet/netronome/nfp/bpf/main.c      |  30 +--
 drivers/net/ethernet/netronome/nfp/flower/action.c |  14 +-
 drivers/net/ethernet/netronome/nfp/flower/main.h   |   6 +-
 drivers/net/ethernet/netronome/nfp/flower/match.c  |  44 ++--
 .../net/ethernet/netronome/nfp/flower/metadata.c   |   2 +-
 .../net/ethernet/netronome/nfp/flower/offload.c    | 116 +++++----
 drivers/net/ethernet/qlogic/qede/qede.h            |   2 +-
 drivers/net/ethernet/qlogic/qede/qede_filter.c     |   2 +-
 drivers/net/ethernet/qlogic/qede/qede_main.c       |  32 +--
 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c  |  23 +-
 drivers/net/netdevsim/netdev.c                     |  29 +--
 include/net/flow_offload.h                         |  96 ++++++++
 include/net/netfilter/nf_tables.h                  |  14 ++
 include/net/netfilter/nf_tables_offload.h          |  76 ++++++
 include/net/pkt_cls.h                              | 129 +---------
 include/uapi/linux/netfilter/nf_tables.h           |   2 +
 net/core/flow_offload.c                            | 118 +++++++++
 net/dsa/slave.c                                    |  33 ++-
 net/netfilter/Makefile                             |   2 +-
 net/netfilter/nf_tables_api.c                      |  39 ++-
 net/netfilter/nf_tables_offload.c                  | 267 +++++++++++++++++++++
 net/netfilter/nft_cmp.c                            |  53 ++++
 net/netfilter/nft_immediate.c                      |  31 +++
 net/netfilter/nft_meta.c                           |  27 +++
 net/netfilter/nft_payload.c                        | 187 +++++++++++++++
 net/sched/cls_api.c                                | 211 ++++++++--------
 net/sched/cls_flower.c                             |  24 +-
 net/sched/sch_ingress.c                            |   6 +-
 56 files changed, 1579 insertions(+), 880 deletions(-)
 create mode 100644 include/net/netfilter/nf_tables_offload.h
 create mode 100644 net/netfilter/nf_tables_offload.c

-- 
2.11.0



^ permalink raw reply	[flat|nested] 26+ messages in thread

end of thread, other threads:[~2019-08-16 17:00 UTC | newest]

Thread overview: 26+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-07-09 20:55 [PATCH net-next,v4 00/11] netfilter: add hardware offload infrastructure Pablo Neira Ayuso
2019-07-09 20:55 ` [PATCH net-next,v4 01/12] net: flow_offload: add flow_block_cb_setup_simple() Pablo Neira Ayuso
2019-07-09 20:55 ` [PATCH net-next,v4 02/12] net: flow_offload: rename TC_BLOCK_{UN}BIND to FLOW_BLOCK_{UN}BIND Pablo Neira Ayuso
2019-07-09 20:55 ` [PATCH net-next,v4 03/12] net: flow_offload: rename TCF_BLOCK_BINDER_TYPE_* to FLOW_BLOCK_BINDER_TYPE_* Pablo Neira Ayuso
2019-07-09 20:55 ` [PATCH net-next,v4 04/12] net: flow_offload: add flow_block_cb_alloc() and flow_block_cb_free() Pablo Neira Ayuso
2019-07-09 20:55 ` [PATCH net-next,v4 05/12] net: flow_offload: add list handling functions Pablo Neira Ayuso
2019-07-10  7:36   ` Jiri Pirko
2019-07-10  9:06     ` Jiri Pirko
2019-07-09 20:55 ` [PATCH net-next,v4 06/12] net: flow_offload: add flow_block_cb_{priv,incref,decref}() Pablo Neira Ayuso
2019-07-09 20:55 ` [PATCH net-next,v4 07/12] net: sched: use flow block API Pablo Neira Ayuso
2019-08-14 16:32   ` Edward Cree
2019-08-16  1:10     ` Pablo Neira Ayuso
2019-07-09 20:55 ` [PATCH net-next,v4 08/12] drivers: net: " Pablo Neira Ayuso
2019-07-10  8:01   ` Jiri Pirko
2019-08-12 17:50   ` Edward Cree
2019-08-13 19:51     ` Pablo Neira Ayuso
2019-08-14 16:17       ` Edward Cree
2019-08-16  1:04         ` Pablo Neira Ayuso
2019-08-16 17:00           ` Edward Cree
2019-07-09 20:55 ` [PATCH net-next,v4 09/12] net: sched: remove tcf " Pablo Neira Ayuso
2019-07-09 20:55 ` [PATCH net-next,v4 10/12] net: flow_offload: add flow_block_cb_is_busy() and use it Pablo Neira Ayuso
2019-07-09 20:55 ` [PATCH net-next,v4 11/12] net: flow_offload: rename tc_cls_flower_offload to flow_cls_offload Pablo Neira Ayuso
2019-07-09 20:55 ` [PATCH net-next,v4 12/12] netfilter: nf_tables: add hardware offload support Pablo Neira Ayuso
2019-07-10  7:52   ` Jiri Pirko
2019-07-11  0:18     ` Pablo Neira Ayuso
2019-07-09 21:43 ` [PATCH net-next,v4 00/11] netfilter: add hardware offload infrastructure David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).