On Thu, Dec 20, 2018 at 2:35 PM Pablo Neira Ayuso <pa...@netfilter.org> wrote: > On Wed, Dec 19, 2018 at 04:26:53PM -0800, Jakub Kicinski wrote:
> > I'm confused, could you rephrase? How does you work help such devices? > > How is tc not suitable for them? > There are two HW offload usecases: > > #1 Policy resides in software, CPU host sees initial packets, based on > policy, you place flows into hardware via nf_flow_table infrastructure. > This usecase is fine in your NIC since you assume host CPU can cope > with policy in software for these few initial packets of the flow. > However, switches usually have a small CPU to run control plane > software only. There we _cannot_ use this approach. > > #2 Policy resides in hardware. For the usecase of switches with small > CPU, the ACL is deployed in hardware. We use the host CPU to run > control plane configurations only. > > This patchset _is not_ related to #1, this patchset _is_ related to #2. confused, isn't this patch set related to connection tracking offloads on modern NIC HWs? > So far, there is infrastructure in Netfilter to do #1, it should be > possible to use it from TC too. In TC, there is infrastructure for #2 > which can be reused from Netfilter.
