NAK: [SRU][F:linux-bluefield][PATCH 0/3] Pass originating device to drivers offloading ct connection

Tim Gardner tim.gardner at canonical.com
Fri Feb 11 12:54:27 UTC 2022 

Missing BugLink in patch 3. Patches 2-3 have also been merged upstream.

On 2/10/22 6:17 PM, Bodong Wang wrote:
> Currently, drivers register to a ct zone that can be shared by multiple
> devices. This can be inefficient for the driver to offload, as it
> needs to handle all the cases where the tuple can come from,
> instead of where it's most likely will arive from.
> 
> For example, consider the following tc rules:
> tc filter add dev dev1 ... flower action ct commit zone 5 \
> action mirred egress redirect dev dev2
> 
> tc filter add dev dev2 ... flower action ct zone 5 \
> action goto chain chain 2
> tc filter add dev dev2 ... flower ct_state +trk+est ... \
> action mirred egress redirect dev dev1
> 
> Both dev2 and dev1 register to the zone 5 flow table (created
> by act_ct). A tuple originating on dev1, going to dev2, will
> be offloaded to both devices, and both will need to offload
> both directions, resulting in 4 total rules. The traffic
> will only hit originiating tuple on dev1, and reply tuple
> on dev2.
> 
> By passing the originating device that created the connection
> with the tuple, dev1 can choose to offload only the originating
> tuple, and dev2 only the reply tuple. Resulting in a more
> efficient offload.
> 
> The 1st patch is needed for libreal tcp conntrack for efficiency.
> 
> The 2nd patch adds an act_ct nf conntrack extension, to
> temporarily store the originiating device from the skb before
> offloading the connection once the connection is established.
> Once sent to offload, it fills the tuple originating device.
> 
> The 3rd patch get this information from tuples
> which pass in openvswitch.
> 
> Numan Siddique (1):
>    net: openvswitch: Be liberal in tcp conntrack.
> 
> Paul Blakey (2):
>    net/sched: act_ct: Fill offloading tuple iifidx
>    net: openvswitch: Fill act ct extension
> 
>   include/net/netfilter/nf_conntrack_act_ct.h  | 50 ++++++++++++++++++++++++++++
>   include/net/netfilter/nf_conntrack_extend.h  |  4 +++
>   include/net/netfilter/nf_conntrack_l4proto.h | 14 ++++++++
>   net/netfilter/nf_conntrack_core.c            |  6 +++-
>   net/netfilter/nf_conntrack_proto_tcp.c       |  6 ----
>   net/openvswitch/conntrack.c                  | 14 ++++++++
>   net/sched/act_ct.c                           | 27 +++++++++++++++
>   7 files changed, 114 insertions(+), 7 deletions(-)
>   create mode 100644 include/net/netfilter/nf_conntrack_act_ct.h
> 

-- 
-----------
Tim Gardner
Canonical, Inc

More information about the kernel-team mailing list