ACK: [SRU][F:linux-bluefield][PATCH V2 0/3] Pass originating device to drivers offloading ct connection
tim.gardner at canonical.com
Mon Mar 7 16:39:43 UTC 2022
Acked-by: Tim Gardner <tim.gardner at canonical.com>
On 2/18/22 17:35, Bodong Wang wrote:
> Currently, drivers register to a ct zone that can be shared by multiple
> devices. This can be inefficient for the driver to offload, as it
> needs to handle all the cases where the tuple can come from,
> instead of where it's most likely will arive from.
> For example, consider the following tc rules:
> tc filter add dev dev1 ... flower action ct commit zone 5 \
> action mirred egress redirect dev dev2
> tc filter add dev dev2 ... flower action ct zone 5 \
> action goto chain chain 2
> tc filter add dev dev2 ... flower ct_state +trk+est ... \
> action mirred egress redirect dev dev1
> Both dev2 and dev1 register to the zone 5 flow table (created
> by act_ct). A tuple originating on dev1, going to dev2, will
> be offloaded to both devices, and both will need to offload
> both directions, resulting in 4 total rules. The traffic
> will only hit originiating tuple on dev1, and reply tuple
> on dev2.
> By passing the originating device that created the connection
> with the tuple, dev1 can choose to offload only the originating
> tuple, and dev2 only the reply tuple. Resulting in a more
> efficient offload.
> The 1st patch is needed for libreal tcp conntrack for efficiency.
> The 2nd patch adds an act_ct nf conntrack extension, to
> temporarily store the originiating device from the skb before
> offloading the connection once the connection is established.
> Once sent to offload, it fills the tuple originating device.
> The 3rd patch get this information from tuples
> which pass in openvswitch.
> 1. Add missing buglink for patch 3
> 2. Remove linux-next for patch 2 and 3, they're merged
> 1. Fix signoff order of patch 1
> 2. Add David signoff for patch 2 and 3
> Numan Siddique (1):
> net: openvswitch: Be liberal in tcp conntrack.
> Paul Blakey (2):
> net/sched: act_ct: Fill offloading tuple iifidx
> net: openvswitch: Fill act ct extension
> include/net/netfilter/nf_conntrack_act_ct.h | 50 ++++++++++++++++++++++++++++
> include/net/netfilter/nf_conntrack_extend.h | 4 +++
> include/net/netfilter/nf_conntrack_l4proto.h | 14 ++++++++
> net/netfilter/nf_conntrack_core.c | 6 +++-
> net/netfilter/nf_conntrack_proto_tcp.c | 6 ----
> net/openvswitch/conntrack.c | 14 ++++++++
> net/sched/act_ct.c | 27 +++++++++++++++
> 7 files changed, 114 insertions(+), 7 deletions(-)
> create mode 100644 include/net/netfilter/nf_conntrack_act_ct.h
More information about the kernel-team