[prev in list] [next in list] [prev in thread] [next in thread]
List: netfilter-devel
Subject: [PATCH nf-next v2 0/3] Conntrack GRE offload
From: Toshiaki Makita <toshiaki.makita1 () gmail ! com>
Date: 2022-02-25 1:53:06
Message-ID: 20220225015309.2576980-1-toshiaki.makita1 () gmail ! com
[Download RAW message or body]
Conntrack offload currently only supports TCP and UDP.
Thus TC/nftables/OVS cannot offload GRE packets.
However, GRE is widely used so some users create gre devices in VMs,
and in that case host OVS forwards GRE packets from/to VMs.
In order to offload GRE packets in OVS with stateful firewall support,
we need act_ct GRE offload support.
This patch set adds GRE offload support for act_ct and mlx5 conntrack.
Currently only GREv0 and no NAT support.
- Patch 1: flow_offload/flowtable GRE support.
- Patch 2: act_ct GRE offload support.
- Patch 3: mlx5 conntrack GRE offload support.
Tested with ConnectX-6 Dx 100G NIC and netperf TCP_STREAM.
+------------------------------------+
| +-----------+
| |(namespace)|
+---------+ | | netserver |
| | wire +----+ tc +--------+ +-------+ |
| netperf |-------->|mlx5|------>|mlx5 rep|--|mlx5 vf| |
| | +----+ +--------+ +-------+---+
+---------+ +------------------------------------+
- No offload (TC skip_hw): 8.5 Gbps
- Offload (act_ct) : 22 Gbps
v2:
- Replace if-else with switch in patch 1 and 2
Signed-off-by: Toshiaki Makita <toshiaki.makita1@gmail.com>
Toshiaki Makita (3):
netfilter: flowtable: Support GRE
act_ct: Support GRE offload
net/mlx5: Support GRE conntrack offload
drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 21 ++--
net/netfilter/nf_flow_table_core.c | 10 +-
net/netfilter/nf_flow_table_ip.c | 62 +++++++++--
net/netfilter/nf_flow_table_offload.c | 22 ++--
net/netfilter/nft_flow_offload.c | 13 +++
net/sched/act_ct.c | 115 ++++++++++++++++-----
6 files changed, 194 insertions(+), 49 deletions(-)
--
1.8.3.1
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic