On Tue, 2 Feb 2021, Marcelo Ricardo Leitner wrote:
> On Wed, Jan 27, 2021 at 04:32:47PM +0200, Paul Blakey wrote:
> > Add support for matching on ct_state reply flag.
>
> Sorry for the late reply, missed the patchset here. (just noticed
> because of the iproute2 patch, th
On Tue, 2 Feb 2021, Marcelo Ricardo Leitner wrote:
> On Tue, Feb 02, 2021 at 02:24:42PM +0200, Paul Blakey wrote:
> > Matches on conntrack rpl ct_state.
> >
> > Example:
> > $ tc filter add dev ens1f0_0 ingress prio 1 chain 1 proto ip flower \
> > ct_state +
egress redirect dev ens1f0_0
Signed-off-by: Paul Blakey
---
man/man8/tc-flower.8 | 2 ++
tc/f_flower.c| 1 +
2 files changed, 3 insertions(+)
diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8
index 226d1cc..f7336b6 100644
--- a/man/man8/tc-flower.8
+++ b/man/man8/tc-flower.8
mirred egress redirect dev ens1f0_0
Signed-off-by: Paul Blakey
Reviewed-by: Jiri Pirko
---
include/uapi/linux/pkt_cls.h | 1 +
net/sched/cls_flower.c | 6 --
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/include/uapi/linux/pkt_cls.h b/include/uapi/linux/pkt_cls.h
index
Give offloading drivers the direction of the offloaded ct flow,
this will be used for matches on direction (ct_state +/-rpl).
Signed-off-by: Paul Blakey
Reviewed-by: Jiri Pirko
---
include/net/flow_offload.h | 1 +
net/sched/act_ct.c | 1 +
2 files changed, 2 insertions(+)
diff --git
\
action mirred egress redirect dev ens1f0_0
Signed-off-by: Paul Blakey
Acked-by: Saeed Mahameed
---
drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 13 ++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c
b/drivers
patch does offload of this new ct_state by using the supplied
connection's direction.
Paul Blakey (3):
net/sched: cls_flower: Add match on the ct_state reply flag
net: flow_offload: Add original direction flag to ct_metadata
net/mlx5: CT: Add support for matching on ct_state reply
On 5/18/2020 9:02 PM, Edward Cree wrote:
> On 18/05/2020 18:25, Jiri Pirko wrote:
>> Is it worth to have an object just for this particular purpose? In the
>> past I was trying to push a tc block object that could be added/removed
>> and being used to insert filters w/o being attached to any qdisc.
On 14/05/2020 18:28, Edward Cree wrote:
> On 14/05/2020 15:49, Jiri Pirko wrote:
>> Thu, May 14, 2020 at 04:04:02PM CEST, ec...@solarflare.com wrote:
>>> Either way, the need to repeat the policy on every tc command suggests
>>> that there really ought to instead be a separate API for configurin
On 18/05/2020 17:56, David Ahern wrote:
> On 5/14/20 8:10 AM, Paul Blakey wrote:
>> Signed-off-by: Paul Blakey
>> ---
>> man/man8/tc-ct.8 | 107
>> +++
>> man/man8/tc-flower.8 | 6 +++
>> 2 files cha
Signed-off-by: Paul Blakey
---
man/man8/tc-ct.8 | 107 +++
man/man8/tc-flower.8 | 6 +++
2 files changed, 113 insertions(+)
create mode 100644 man/man8/tc-ct.8
diff --git a/man/man8/tc-ct.8 b/man/man8/tc-ct.8
new file mode 100644
index
ens1f0_1
Signed-off-by: Paul Blakey
Reviewed-by: Oz Shlomo
Reviewed-by: Jiri Pirko
---
include/net/tc_act/tc_ct.h| 1 +
include/uapi/linux/tc_act/tc_ct.h | 1 +
net/sched/act_ct.c| 19 +++
3 files changed, 21 insertions(+)
diff --git a/include/net/tc_act
-off-by: Paul Blakey
Reviewed-by: Oz Shlomo
Reviewed-by: Jiri Pirko
---
include/net/netfilter/nf_flow_table.h | 7 ++-
net/netfilter/nf_flow_table_core.c| 12 ++--
net/netfilter/nf_flow_table_offload.c | 5 +++--
3 files changed, 19 insertions(+), 5 deletions(-)
diff --git a
Usage example:
$ tc filter add dev ens1f0_0 ingress chain 0 flower ct_state -trk \
action ct policy_pkts 10 pipe action goto chain 1
$ tc filter add dev ens1f0_0 ingress chain 1 flower ct_state \
action ct commit policy_pkts 10 pipe \
action mirred egress redirect dev ens1f0_1
Signed-off-by: Paul B
instances of the same zone.
Paul Blakey (3):
netfilter: flowtable: Control flow offload timeout interval
net/sched: act_ct: Add policy_pkts tuple offload control policy
net/sched: act_ct: Add policy_timeout tuple offload control policy
include/net/netfilter/nf_flow_table.h | 7 ++-
include/net
On 5/11/2020 11:42 AM, Pablo Neira Ayuso wrote:
> On Mon, May 11, 2020 at 10:24:44AM +0300, Paul Blakey wrote:
>>
>> On 5/11/2020 1:26 AM, Pablo Neira Ayuso wrote:
>>> On Wed, May 06, 2020 at 02:27:29PM +0300, Paul Blakey wrote:
>>>> Once a flow is considered
On 5/11/2020 1:14 AM, Pablo Neira Ayuso wrote:
> Hi,
>
> On Wed, May 06, 2020 at 02:24:39PM +0300, Paul Blakey wrote:
>> Gc step can queue offloaded flow del work or stats work.
>> Those work items can race each other and a flow could be freed
>> before the stats wo
On 5/11/2020 1:26 AM, Pablo Neira Ayuso wrote:
> On Wed, May 06, 2020 at 02:27:29PM +0300, Paul Blakey wrote:
>> Once a flow is considered expired, it is marked as DYING, and
>> scheduled a delete from hardware. The flow will be deleted from
>> software, in the next g
: hardware offload support")
Signed-off-by: Paul Blakey
Reviewed-by: Oz Shlomo
Reviewed-by: Roi Dayan
---
net/netfilter/nf_flow_table_core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/nf_flow_table_core.c
b/net/netfilter/nf_flow_table_core.c
index c0
dding multiple stats works in case stats work
didn't complete but gc step started again.
Signed-off-by: Paul Blakey
Reviewed-by: Roi Dayan
---
include/net/netfilter/nf_flow_table.h | 1 +
net/netfilter/nf_flow_table_offload.c | 8 +++-
2 files changed, 8 insertions(+), 1 deletion(-)
di
On 5/6/2020 5:16 AM, xiangxia.m@gmail.com wrote:
> From: Tonghao Zhang
>
> The commit 0a7fcb78cc21 ("net/mlx5e: Support inner header rewrite with
> goto action"), will decapsulate the tunnel packets if there is a goto
> action in chain 0. But in some case, we don't want do that, for example
On 5/6/2020 5:16 AM, xiangxia.m@gmail.com wrote:
> From: Tonghao Zhang
>
> The commit 0a7fcb78cc21 ("net/mlx5e: Support inner header rewrite with
> goto action"), will decapsulate the tunnel packets if there is a goto
> action in chain 0. But in some case, we don't want do that, for example:
On 9/26/2019 5:26 PM, Edward Cree wrote:
> On 26/09/2019 14:56, Paul Blakey wrote:
>>>> In nat scenarios the packet will be modified, and then there can be a miss:
>>>>
>>>> -trk CT(zone X, Restore NAT),goto chain 1
>>>>
&g
On 9/26/2019 4:09 PM, Edward Cree wrote:
> On 26/09/2019 08:30, Paul Blakey wrote:
>> Ok, I thought you meant merging the rules because we do want to support
>> those modifications use-cases.
> I think the point is that your use-case is sufficiently weird and
> obscure tha
On 9/25/2019 8:01 PM, Edward Cree wrote:
> On 24/09/2019 12:48, Paul Blakey wrote:
>> The 'miss' for all or nothing is easy, but the hard part is combining
>> all the paths a packet can take in software to a single 'all or nothing'
>> rule in hardware.
This a new feature, it is preferred that it defaults to N.
We will probe the feature support from userspace before actually using it.
Fixes: 95a7233c452a ('net: openvswitch: Set OvS recirc_id from tc chain index')
Signed-off-by: Paul Blakey
---
Changelog:
v1->v2: Changed
This a new feature, it is preferred that it defaults to N.
We will probe the feature support from userspace before actually using it.
Fixes: 95a7233c452a ('net: openvswitch: Set OvS recirc_id from tc chain index')
Signed-off-by: Paul Blakey
---
net/sched/Kconfig | 1 -
1 file
On 9/23/2019 8:17 PM, Edward Cree wrote:
> On 23/09/2019 17:56, Paul Blakey wrote:
>> Even following this approach in tc only is challenging for some
>> scenarios, consider the following tc rules:
>>
>> tc filter add dev1 ... chain 0 flower action goto chain 1
>&g
On 9/23/2019 12:47 AM, Jakub Kicinski wrote:
> On Sun, 22 Sep 2019 14:51:44 +0300, Paul Blakey wrote:
>> The skb extension is currently used for miss path of software offloading OvS
>> rules with recirculation to tc.
>> However, we are also preparing patches to support
2a ('net: openvswitch: Set OvS recirc_id from tc chain index')
Signed-off-by: Paul Blakey
---
net/sched/Kconfig | 1 -
1 file changed, 1 deletion(-)
diff --git a/net/sched/Kconfig b/net/sched/Kconfig
index b3faafe..4bb10b7 100644
--- a/net/sched/Kconfig
+++ b/net/sched/Kconfig
@@ -966,7 +96
or example, the napi API which we use, uses the control block and comes right
after our
driver layer. This will overwrite any usage of CB by us.
Thanks,
Paul B.
Paul Blakey (1):
net: openvswitch: Set OvS recirc_id from tc chain index
include/linux/skbuff.h | 13 +
include
ng tc chain to ovs recirc_id to
handle these miss cases. Last tc chain index will be set
by tc goto chain action and read by OvS datapath.
Signed-off-by: Paul Blakey
Signed-off-by: Vlad Buslov
Acked-by: Jiri Pirko
---
Changelog:
V3->V4:
Removed changes to tcf_result, instead us actio
On 9/4/2019 12:47 PM, Davide Caratti wrote:
> On Tue, 2019-09-03 at 16:23 +0300, Paul Blakey wrote:
>> Offloaded OvS datapath rules are translated one to one to tc rules,
>> for example the following simplified OvS rule:
>>
>> recirc_id(0),in_port(dev1),eth
On 9/3/2019 5:56 PM, Edward Cree wrote:
> On 03/09/2019 14:23, Paul Blakey wrote:
>> Offloaded OvS datapath rules are translated one to one to tc rules,
>> for example the following simplified OvS rule:
>>
>> recirc_id(0),in_port(dev1),eth_type(0x0800),ct_state(-trk
or example, the napi API which we use, uses the control block and comes right
after our
driver layer. This will overwrite any usage of CB by us.
Thanks,
Paul B.
Paul Blakey (1):
net: openvswitch: Set OvS recirc_id from tc chain index
include/linux/skbuff.h | 13 +
include
ng tc chain to ovs recirc_id to
handle these miss cases. Last tc chain index will be set
by tc goto chain action and read by OvS datapath.
Signed-off-by: Paul Blakey
Signed-off-by: Vlad Buslov
Acked-by: Jiri Pirko
---
include/linux/skbuff.h | 13 +
include/net/sch_gene
On 8/22/2019 6:57 AM, David Miller wrote:
> From: Paul Blakey
> Date: Tue, 20 Aug 2019 15:30:51 +0300
>
>> @@ -4050,6 +4060,9 @@ enum skb_ext_id {
>> #ifdef CONFIG_XFRM
>> SKB_EXT_SEC_PATH,
>> #endif
>> +#if IS_ENABLED(CONFIG_NET_TC_
Hey guys, sorry for spam, I used the --in-reply-to this time so it gets
to the original thread ("[PATCH net-next v2] net: openvswitch: Set OvS
recirc_id from tc chain index") ,
Ignore this thread and respond there if needed.
Thanks.
On 8/20/2019 3:40 PM, Paul Blakey wrote:
>
aring feature on first recirc_id rule
Signed-off-by: Paul Blakey
---
datapath/linux/compat/include/linux/openvswitch.h | 3 ++
lib/dpif-netdev.c | 1 +
lib/dpif-netlink.c| 61 +++
lib/dpif-provi
aring feature on first recirc_id rule
Signed-off-by: Paul Blakey
---
datapath/linux/compat/include/linux/openvswitch.h | 3 ++
lib/dpif-netdev.c | 1 +
lib/dpif-netlink.c| 61 +++
lib/dpif-provi
ng tc chain to ovs recirc_id to
handle these miss cases. Last tc chain index will be set
by tc goto chain action and read by OvS datapath.
Signed-off-by: Paul Blakey
Signed-off-by: Vlad Buslov
Acked-by: Jiri Pirko
---
V2:
Changed user_features to return not supported for requ
On 8/20/2019 8:50 AM, Pravin Shelar wrote:
> On Mon, Aug 19, 2019 at 10:42 AM Marcelo Ricardo Leitner
> wrote:
>> On Sun, Aug 18, 2019 at 07:00:59PM +0300, Paul Blakey wrote:
>>> What do you guys say about the following diff on top of the last one?
>>>
On 8/18/2019 7:00 PM, Paul Blakey wrote:
> What do you guys say about the following diff on top of the last one?
> Use static key, and also have OVS_DP_CMD_SET command probe/enable the feature.
>
> This will allow userspace to probe the feature, and selectivly enable i
What do you guys say about the following diff on top of the last one?
Use static key, and also have OVS_DP_CMD_SET command probe/enable the feature.
This will allow userspace to probe the feature, and selectivly enable it via the
OVS_DP_CMD_SET command.
Thansk,
Paul.
---
include/uapi/linux/ope
On 8/12/2019 7:18 PM, Pravin Shelar wrote:
> On Sun, Aug 11, 2019 at 3:46 AM Paul Blakey wrote:
>>
>> On 8/8/2019 11:53 PM, Pravin Shelar wrote:
>>> On Wed, Aug 7, 2019 at 5:08 AM Paul Blakey wrote:
>>>> Offloaded OvS datapath rules are translated one to o
On 8/8/2019 11:53 PM, Pravin Shelar wrote:
> On Wed, Aug 7, 2019 at 5:08 AM Paul Blakey wrote:
>> Offloaded OvS datapath rules are translated one to one to tc rules,
>> for example the following simplified OvS rule:
>>
>> recirc_id(0),in_port(dev1),eth_type(0x0800),ct
On 8/8/2019 11:53 PM, Pravin Shelar wrote:
> On Wed, Aug 7, 2019 at 5:08 AM Paul Blakey wrote:
>> Offloaded OvS datapath rules are translated one to one to tc rules,
>> for example the following simplified OvS rule:
>>
>> recirc_id(0),in_port(dev1),eth_type(0x0800),ct
On 8/7/2019 6:00 PM, Marcelo Ricardo Leitner wrote:
> On Wed, Aug 07, 2019 at 03:08:42PM +0300, Paul Blakey wrote:
>> Offloaded OvS datapath rules are translated one to one to tc rules,
>> for example the following simplified OvS rule:
>>
>> recirc_id(0),in_port(dev1
ng tc chain to ovs recirc_id to
handle these miss cases. Last tc chain index will be set
by tc goto chain action and read by OvS datapath.
Signed-off-by: Paul Blakey
Signed-off-by: Vlad Buslov
Acked-by: Jiri Pirko
---
include/linux/skbuff.h| 13 +
include/net/sch_generic.h
On 7/26/2019 5:01 PM, Marcelo Ricardo Leitner wrote:
> On Fri, Jul 26, 2019 at 08:39:43PM +0800, wenxu wrote:
>>
>> 在 2019/7/26 20:19, Or Gerlitz 写道:
>>> On Fri, Jul 26, 2019 at 12:24 AM Saeed Mahameed wrote:
On Thu, 2019-07-25 at 19:24 +0800, we...@ucloud.cn wrote:
> From: wenxu
>
Hey guys,
any more comments?
thanks,
Paul.
Strict netlink validation now requires this flag on all nested
attributes, add it for action options.
Signed-off-by: Paul Blakey
---
tc/m_action.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tc/m_action.c b/tc/m_action.c
index ab6bc0a..2d36a69 100644
--- a/tc
onnection tracking action
+ *
+ * Authors: Paul Blakey
+ *Yossi Kuperman
+ *Marcelo Ricardo Leitner
+ */
+
+#include
+#include
+#include
+#include
+#include "utils.h"
+#include "tc_util.h"
+#include
+
+static void
+usage(void)
Matches on conntrack state, zone, mark, and label.
Signed-off-by: Paul Blakey
Signed-off-by: Marcelo Ricardo Leitner
Signed-off-by: Yossi Kuperman
Acked-by: Jiri Pirko
Acked-by: Roi Dayan
---
man/man8/tc-flower.8 | 35 +++
tc/f_flower.c| 276
redirect dev ens1f0_0
Changelog:
V1->V2:
Removed pkt_cls changes (as it was merged already)
Paul Blakey (3):
tc: add NLA_F_NESTED flag to all actions options nested block
tc: Introduce tc ct action
tc: flower: Add matching on conntrack info
include/uapi/linux/tc_act/tc_ct.h |
On 7/9/2019 6:36 PM, Marcelo Ricardo Leitner wrote:
> On Tue, Jul 09, 2019 at 06:58:36AM +0000, Paul Blakey wrote:
>> On 7/8/2019 8:54 PM, Marcelo Ricardo Leitner wrote:
>>> On Sun, Jul 07, 2019 at 11:53:47AM +0300, Paul Blakey wrote:
>>>> New tc action to send packe
On 7/9/2019 10:14 PM, David Miller wrote:
> From: Paul Blakey
> Date: Tue, 9 Jul 2019 10:30:47 +0300
>
>> This patch series add connection tracking capabilities in tc sw datapath.
>> It does so via a new tc action, called act_ct, and new tc flower classifier
>> mat
New matches for conntrack mark, label, zone, and state.
Signed-off-by: Paul Blakey
Signed-off-by: Marcelo Ricardo Leitner
Signed-off-by: Yossi Kuperman
Acked-by: Jiri Pirko
---
include/uapi/linux/pkt_cls.h | 16 ++
net/sched/cls_flower.c | 127
tches.
Paul Blakey (4):
net/sched: Introduce action ct
net/flow_dissector: add connection tracking dissection
net/sched: cls_flower: Add matching on conntrack info
tc-tests: Add tc action ct tests
include/linux/skbuff.h | 10 +
include/net/flow_dissec
Add 13 tests ensuring the command line is doing what is supposed to do.
Signed-off-by: Marcelo Ricardo Leitner
Signed-off-by: Marcelo Ricardo Leitner
---
.../selftests/tc-testing/tc-tests/actions/ct.json | 314 +
1 file changed, 314 insertions(+)
create mode 100644 tools/t
proto tcp ct_state -trk \
action ct zone 2 pipe \
action goto chain 1
$ tc filter add dev ens1f0_1 ingress \
prio 1 chain 1 proto ip \
flower ct_zone 2 ct_mark 0xbb ct_state +trk+est \
action ct nat pipe \
action mirred egress redirect dev ens1f0_0
Signed-off-by: Paul Blakey
Signed-o
Retreives connection tracking zone, mark, label, and state from
a SKB.
Signed-off-by: Paul Blakey
Signed-off-by: Marcelo Ricardo Leitner
Acked-by: Jiri Pirko
---
include/linux/skbuff.h | 10 ++
include/net/flow_dissector.h | 15 +++
net/core/flow_dissector.c| 44
On 7/8/2019 8:54 PM, Marcelo Ricardo Leitner wrote:
> On Sun, Jul 07, 2019 at 11:53:47AM +0300, Paul Blakey wrote:
>> New tc action to send packets to conntrack module, commit
>> them, and set a zone, labels, mark, and nat on the connection.
>>
>> It can also clear the
On 7/8/2019 6:28 PM, Florian Westphal wrote:
> Marcelo Ricardo Leitner wrote:
>>> + } else { /* NFPROTO_IPV6 */
>>> + enum ip6_defrag_users user = IP6_DEFRAG_CONNTRACK_IN + zone;
>>> +
>>> + memset(IP6CB(skb), 0, sizeof(struct inet6_skb_parm));
>>> + err = nf_ct_fr
Retreives connection tracking zone, mark, label, and state from
a SKB.
Signed-off-by: Paul Blakey
Signed-off-by: Marcelo Ricardo Leitner
Acked-by: Jiri Pirko
---
include/linux/skbuff.h | 10 ++
include/net/flow_dissector.h | 15 +++
net/core/flow_dissector.c| 44
proto tcp ct_state -trk \
action ct zone 2 pipe \
action goto chain 1
$ tc filter add dev ens1f0_1 ingress \
prio 1 chain 1 proto ip \
flower ct_zone 2 ct_mark 0xbb ct_state +trk+est \
action ct nat pipe \
action mirred egress redirect dev ens1f0_0
Signed-off-by: Paul Blakey
Signed-o
New matches for conntrack mark, label, zone, and state.
Signed-off-by: Paul Blakey
Signed-off-by: Marcelo Ricardo Leitner
Signed-off-by: Yossi Kuperman
Acked-by: Jiri Pirko
---
include/uapi/linux/pkt_cls.h | 16 ++
net/sched/cls_flower.c | 127
Add 13 tests ensuring the command line is doing what is supposed to do.
Signed-off-by: Marcelo Ricardo Leitner
Signed-off-by: Marcelo Ricardo Leitner
---
.../selftests/tc-testing/tc-tests/actions/ct.json | 314 +
1 file changed, 314 insertions(+)
create mode 100644 tools/t
tches.
Paul Blakey (4):
net/sched: Introduce action ct
net/flow_dissector: add connection tracking dissection
net/sched: cls_flower: Add matching on conntrack info
tc-tests: Add tc action ct tests
include/linux/skbuff.h | 10 +
include/net/flow_dissec
On 7/7/2019 3:04 PM, Florian Westphal wrote:
> Paul Blakey wrote:
>> +/* Determine whether skb->_nfct is equal to the result of conntrack lookup.
>> */
>> +static bool tcf_ct_skb_nfct_cached(struct net *net, struct sk_buff *skb,
>> +
redirect dev ens1f0_0
Paul Blakey (3):
tc: add NLA_F_NESTED flag to all actions options nested block
tc: Introduce tc ct action
tc: flower: Add matching on conntrack info
include/uapi/linux/pkt_cls.h | 17 ++
include/uapi/linux/tc_act/tc_ct.h | 41
man/man8/tc-flower.8
Strict netlink validation now requires this flag on all nested
attributes, add it for action options.
Signed-off-by: Paul Blakey
---
tc/m_action.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tc/m_action.c b/tc/m_action.c
index ab6bc0a..2d36a69 100644
--- a/tc
Matches on conntrack state, zone, mark, and label.
Signed-off-by: Paul Blakey
Signed-off-by: Marcelo Ricardo Leitner
Signed-off-by: Yossi Kuperman
Acked-by: Jiri Pirko
Acked-by: Roi Dayan
---
include/uapi/linux/pkt_cls.h | 17 +++
man/man8/tc-flower.8 | 35 ++
tc/f_flower.c
onnection tracking action
+ *
+ * Authors: Paul Blakey
+ *Yossi Kuperman
+ *Marcelo Ricardo Leitner
+ */
+
+#include
+#include
+#include
+#include
+#include "utils.h"
+#include "tc_util.h"
+#include
+
+static void
+usage(void)
proto tcp ct_state -trk \
action ct zone 2 pipe \
action goto chain 1
$ tc filter add dev ens1f0_1 ingress \
prio 1 chain 1 proto ip \
flower ct_zone 2 ct_mark 0xbb ct_state +trk+est \
action ct nat pipe \
action mirred egress redirect dev ens1f0_0
Signed-off-by: Paul Blakey
Signed-o
Add 13 tests ensuring the command line is doing what is supposed to do.
Signed-off-by: Marcelo Ricardo Leitner
Signed-off-by: Marcelo Ricardo Leitner
---
.../selftests/tc-testing/tc-tests/actions/ct.json | 314 +
1 file changed, 314 insertions(+)
create mode 100644 tools/t
tches.
Paul Blakey (4):
net/sched: Introduce action ct
net/flow_dissector: add connection tracking dissection
net/sched: cls_flower: Add matching on conntrack info
tc-tests: Add tc action ct tests
include/linux/skbuff.h | 10 +
include/net/flow_dissec
New matches for conntrack mark, label, zone, and state.
Signed-off-by: Paul Blakey
Signed-off-by: Marcelo Ricardo Leitner
Signed-off-by: Yossi Kuperman
Acked-by: Jiri Pirko
---
include/uapi/linux/pkt_cls.h | 16 ++
net/sched/cls_flower.c | 127
Retreives connection tracking zone, mark, label, and state from
a SKB.
Signed-off-by: Paul Blakey
Signed-off-by: Marcelo Ricardo Leitner
Acked-by: Jiri Pirko
---
include/linux/skbuff.h | 10 ++
include/net/flow_dissector.h | 15 +++
net/core/flow_dissector.c| 44
On 7/5/2019 12:55 AM, Jakub Kicinski wrote:
> On Thu, 4 Jul 2019 14:53:50 +0300, Paul Blakey wrote:
>> +static const struct nla_policy ct_policy[TCA_CT_MAX + 1] = {
>> +[TCA_CT_ACTION] = { .type = NLA_U16 },
> Please use strict checking in all new policies.
&g
tches.
Paul Blakey (4):
net/sched: Introduce action ct
net/flow_dissector: add connection tracking dissection
net/sched: cls_flower: Add matching on conntrack info
tc-tests: Add tc action ct tests
include/linux/skbuff.h | 10 +
include/net/flow_dissec
New matches for conntrack mark, label, zone, and state.
Signed-off-by: Paul Blakey
Signed-off-by: Marcelo Ricardo Leitner
Signed-off-by: Yossi Kuperman
Acked-by: Jiri Pirko
---
include/uapi/linux/pkt_cls.h | 16 ++
net/sched/cls_flower.c | 127
proto tcp ct_state -trk \
action ct zone 2 pipe \
action goto chain 1
$ tc filter add dev ens1f0_1 ingress \
prio 1 chain 1 proto ip \
flower ct_zone 2 ct_mark 0xbb ct_state +trk+est \
action ct nat pipe \
action mirred egress redirect dev ens1f0_0
Signed-off-by: Paul Blakey
Signed-o
Retreives connection tracking zone, mark, label, and state from
a SKB.
Signed-off-by: Paul Blakey
Signed-off-by: Marcelo Ricardo Leitner
Acked-by: Jiri Pirko
---
include/linux/skbuff.h | 10 ++
include/net/flow_dissector.h | 15 +++
net/core/flow_dissector.c| 44
Add 13 tests ensuring the command line is doing what is supposed to do.
Signed-off-by: Marcelo Ricardo Leitner
Signed-off-by: Marcelo Ricardo Leitner
---
.../selftests/tc-testing/tc-tests/actions/ct.json | 314 +
1 file changed, 314 insertions(+)
create mode 100644 tools/t
On 6/24/2019 8:59 PM, Cong Wang wrote:
> On Thu, Jun 20, 2019 at 6:43 AM Paul Blakey wrote:
>> Hi,
>>
>> This patch series add connection tracking capabilities in tc sw datapath.
>> It does so via a new tc action, called act_ct, and new tc flower classifier
>&g
On 6/27/2019 10:53 PM, David Miller wrote:
> From: Paul Blakey
> Date: Thu, 20 Jun 2019 16:42:18 +0300
>
>> +struct tcf_ct_params {
> ...
>> +struct rcu_head rcu;
>> +
>> +};
> Please get ride of that empty line after the 'rcu' member.
>
Add 13 tests ensuring the command line is doing what is supposed to do.
Signed-off-by: Marcelo Ricardo Leitner
Signed-off-by: Marcelo Ricardo Leitner
---
.../selftests/tc-testing/tc-tests/actions/ct.json | 314 +
1 file changed, 314 insertions(+)
create mode 100644 tools/t
New matches for conntrack mark, label, zone, and state.
Signed-off-by: Paul Blakey
Signed-off-by: Marcelo Ricardo Leitner
Signed-off-by: Yossi Kuperman
Acked-by: Jiri Pirko
---
include/uapi/linux/pkt_cls.h | 16 ++
net/sched/cls_flower.c | 127
tches.
Paul Blakey (4):
net/sched: Introduce action ct
net/flow_dissector: add connection tracking dissection
net/sched: cls_flower: Add matching on conntrack info
tc-tests: Add tc action ct tests
include/linux/skbuff.h | 10 +
include/net/flow_dissec
Retreives connection tracking zone, mark, label, and state from
a SKB.
Signed-off-by: Paul Blakey
Signed-off-by: Marcelo Ricardo Leitner
Acked-by: Jiri Pirko
---
include/linux/skbuff.h | 10 ++
include/net/flow_dissector.h | 15 +++
net/core/flow_dissector.c| 44
proto tcp ct_state -trk \
action ct zone 2 pipe \
action goto chain 1
$ tc filter add dev ens1f0_1 ingress \
prio 1 chain 1 proto ip \
flower ct_zone 2 ct_mark 0xbb ct_state +trk+est \
action ct nat pipe \
action mirred egress redirect dev ens1f0_0
Signed-off-by: Paul Blakey
Signed-o
On 6/18/2019 7:03 PM, Cong Wang wrote:
> On Fri, Jun 14, 2019 at 12:24 PM Marcelo Ricardo Leitner
> wrote:
>> On Fri, Jun 14, 2019 at 11:07:37AM -0700, Cong Wang wrote:
>>> On Tue, Jun 11, 2019 at 9:44 AM Marcelo Ricardo Leitner
>>> wrote:
I had suggested to let act_ct handle the above as w
On 6/19/2019 9:33 PM, Marcelo Ricardo Leitner wrote:
> On Tue, Jun 11, 2019 at 04:28:31PM +0300, Paul Blakey wrote:
> ...
>> +static int tcf_ct_fill_params_nat(struct tcf_ct_params *p,
>> + struct tc_ct *parm,
>> +
On 6/14/2019 9:02 PM, Cong Wang wrote:
> On Tue, Jun 11, 2019 at 7:05 AM Paul Blakey wrote:
>> Allow sending a packet to conntrack and set conntrack zone, mark,
>> labels and nat parameters.
>>
> This is too short to justify why you want to play with L3 stuff in L2.
&g
On 6/12/2019 10:55 PM, Florian Westphal wrote:
> Paul Blakey wrote:
>> +/* The conntrack module expects to be working at L3. */
> It also expects that IP stack has validated ip(v6)
> headers and has pulled the ip header into linear area.
>
> What are your plans wrt.
On 6/12/2019 9:04 PM, Marcelo Ricardo Leitner wrote:
> On Tue, Jun 11, 2019 at 04:28:31PM +0300, Paul Blakey wrote:
>> Allow sending a packet to conntrack and set conntrack zone, mark,
>> labels and nat parameters.
>>
>> Signed-off-by: Paul Blakey
>> Signe
On 6/11/2019 11:23 PM, Toke Høiland-Jørgensen wrote:
> Marcelo Ricardo Leitner writes:
>
>> On Tue, Jun 11, 2019 at 05:34:50PM +0200, Toke Høiland-Jørgensen wrote:
>>> Paul Blakey writes:
>>>
>>>> On 6/11/2019 4:59 PM, Toke Høiland-Jørgensen wrote:
>
On 6/13/2019 1:49 PM, Davide Caratti wrote:
> On Thu, 2019-06-13 at 12:16 +0200, Davide Caratti wrote:
>> hello Paul!
>>
>> On Tue, 2019-06-11 at 16:28 +0300, Paul Blakey wrote:
>>
>>> +#endif /* __NET_TC_CT_H */
>>> diff --git a/include/uapi/l
On 6/11/2019 4:59 PM, Toke Høiland-Jørgensen wrote:
> Paul Blakey writes:
>
>> Allow sending a packet to conntrack and set conntrack zone, mark,
>> labels and nat parameters.
> How is this different from the newly merged ctinfo action?
>
> -Toke
Hi,
ctinfo does one
1 - 100 of 172 matches
Mail list logo
