tree.
在 2019/5/23 23:15, Roi Dayan 写道:
>
> On 20/05/2019 04:53, wenxu wrote:
>> Hi Roi & Saeed,
>>
>> I just test the mlx5e lag and mutipath feature. There are some suituation
>> the outgoing can't be offloaded.
>>
>> ovs configureation as following
From: wenxu
When CONFIG_IPV6 is not build with modules and CONIFG_NF_CONNTRACK_BRIDGE=m
There will compile err:
net/ipv6/netfilter.c:242:2: error: unknown field 'br_defrag' specified in
initializer
.br_defrag = nf_ct_frag6_gather,
net/ipv6/netfilter.c:243:2: error: unknown field &#
Signed-off-by: wenxu
On 5/31/2019 5:15 PM, Pablo Neira Ayuso wrote:
> This patch fixes a few problems with CONFIG_IPV6=y and
> CONFIG_NF_CONNTRACK_BRIDGE=m:
>
> In file included from net/netfilter/utils.c:5:
> include/linux/netfilter_ipv6.h: In function 'nf_ipv6_br_defr
From: wenxu
CONFIG_NETFILTER=m and CONFIG_NF_DEFRAG_IPV6 is not set
ERROR: "nf_ct_frag6_gather" [net/ipv6/ipv6.ko] undefined!
Fixes: c9bb6165a16e ("netfilter: nf_conntrack_bridge: fix CONFIG_IPV6=y")
Reported-by: kbuild test robot
Signed-off-by: wenxu
---
net/ipv6/net
From: wenxu
CONFIG_NETFILTER=m and CONFIG_NF_DEFRAG_IPV6 is not set
ERROR: "nf_ct_frag6_gather" [net/ipv6/ipv6.ko] undefined!
Fixes: c9bb6165a16e ("netfilter: nf_conntrack_bridge: fix CONFIG_IPV6=y")
Reported-by: kbuild test robot
Signed-off-by: wenxu
---
v2: Forgot
From: wenxu
nft add rule bridge firewall rule-100-ingress ip protocol icmp drop
The rule like above "ip protocol icmp", the packet will not be
matched, It tracelate base=NFT_PAYLOAD_LL_HEADER off=12 &&
base=NFT_PAYLOAD_NETWORK_HEADER off=11
if the packet contained with tag
ons.
So there can be a good way for each msgtype have their own mutex for dump
operations?
BR
wenxu
From: wenxu
bridge vlan add dev veth1 vid 200 pvid untagged
bridge vlan add dev veth2 vid 200 pvid untagged
nft add table bridge firewall
nft add chain bridge firewall zones { type filter hook prerouting priority -
300 \; }
nft add rule bridge firewall zones counter ct zone set vlan id map
On 7/25/2019 7:51 AM, Marcelo Ricardo Leitner wrote:
> On Thu, Jul 11, 2019 at 04:03:30PM +0800, we...@ucloud.cn wrote:
>> From: wenxu
>>
>> The flow_cls_common_offload prio should be not zero
>>
>> It leads the invalid table prio in hw.
>>
>> # nft
From: wenxu
move tc indirect block to flow_offload.c. The nf_tables
can use the indr block architecture.
Signed-off-by: wenxu
---
drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 10 +-
.../net/ethernet/netronome/nfp/flower/offload.c| 10 +-
include/net/flow_offload.h
From: wenxu
nftable support indr-block call. It makes nftable an offload vlan
and tunnel device
Signed-off-by: wenxu
---
net/netfilter/nf_tables_api.c | 6 ++
net/netfilter/nf_tables_offload.c | 137 ++
2 files changed, 115 insertions(+), 28 deletions
From: wenxu
It provide a callback to find the tcf block in
the flow_indr_block_dev_get
Signed-off-by: wenxu
---
include/net/flow_offload.h | 4
net/core/flow_offload.c| 12
net/sched/cls_api.c| 31 +++
3 files changed, 47 insertions
On 7/25/2019 6:22 PM, Florian Westphal wrote:
> we...@ucloud.cn wrote:
>> From: wenxu
>>
>> move tc indirect block to flow_offload.c. The nf_tables
>> can use the indr block architecture.
> ... to do what? Can you please illustrate how this is going to be
t;block immediately through tc_dev_ingress_block,
But when the indr_block_dev_get put in the common flow_offload. It can not
direct access
tc_dev_ingress_block.
On 7/25/2019 6:24 PM, Florian Westphal wrote:
> we...@ucloud.cn wrote:
>> From: wenxu
>>
>> It provide a
From: wenxu
The flow_cls_common_offload prio is zero
It leads the invalid table prio in hw.
Error: Could not process rule: Invalid argument
kernel log:
mlx5_core :81:00.0: E-Switch: Failed to create FDB Table err -22 (table
prio: 65535, level: 0, size: 4194304)
table_prio = (chain
From: wenxu
Because the new flow-indr-block can't get the tcf_block
directly.
It provide a callback to find the tcf block immediately
when the device register and contain a ingress block.
Signed-off-by: wenxu
---
v2: make use of flow_block
include/net/flow_offload.h | 4
net
From: wenxu
This series patch make nftables offload support the vlan and
tunnel device offload through indr-block architecture.
The first patch mv tc indr block to flow offload and rename
to flow-indr-block.
Because the new flow-indr-block can't get the tcf_block
directly. The second
From: wenxu
nftable support indr-block call. It makes nftable an offload vlan
and tunnel device.
nft add table netdev firewall
nft add chain netdev firewall aclout { type filter hook ingress offload device
mlx_pf0vf0 priority - 300 \; }
nft add rule netdev firewall aclout ip daddr 10.0.0.1 fwd
From: wenxu
move tc indirect block to flow_offload and rename
it to flow indirect block.The nf_tables can use the
indr block architecture.
Signed-off-by: wenxu
---
v2: make use of flow_block from Pablo
flow_indr_rhashtable_init advice by jakub.kicinski
drivers/net/ethernet/mellanox/mlx5
在 2019/7/26 20:19, Or Gerlitz 写道:
> On Fri, Jul 26, 2019 at 12:24 AM Saeed Mahameed wrote:
>> On Thu, 2019-07-25 at 19:24 +0800, we...@ucloud.cn wrote:
>>> From: wenxu
>>>
>>> The flow_cls_common_offload prio is zero
>>>
>>> It leads
From: wenxu
This series patch make nftables offload support the vlan and
tunnel device offload through indr-block architecture.
The first patch mv tc indr block to flow offload and rename
to flow-indr-block.
Because the new flow-indr-block can't get the tcf_block
directly. The second
From: wenxu
move tc indirect block to flow_offload and rename
it to flow indirect block.The nf_tables can use the
indr block architecture.
Signed-off-by: wenxu
---
v3: subsys_initcall for init_flow_indr_rhashtable
drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 10 +-
.../net/ethernet
From: wenxu
Because the new flow-indr-block can't get the tcf_block
directly.
It provide a callback to find the tcf block immediately
when the device register and contain a ingress block.
Signed-off-by: wenxu
---
v3: no change
include/net/flow_offload.h | 4
net/core/flow_offl
From: wenxu
nftable support indr-block call. It makes nftable an offload vlan
and tunnel device.
nft add table netdev firewall
nft add chain netdev firewall aclout { type filter hook ingress offload device
mlx_pf0vf0 priority - 300 \; }
nft add rule netdev firewall aclout ip daddr 10.0.0.1 fwd
在 2019/7/27 8:52, Jakub Kicinski 写道:
> On Fri, 26 Jul 2019 21:34:06 +0800, we...@ucloud.cn wrote:
>> From: wenxu
>>
>> Because the new flow-indr-block can't get the tcf_block
>> directly.
>> It provide a callback to find the tcf block immediately
>
在 2019/7/27 8:56, Jakub Kicinski 写道:
> On Fri, 26 Jul 2019 21:34:05 +0800, we...@ucloud.cn wrote:
>> From: wenxu
>>
>> move tc indirect block to flow_offload and rename
>> it to flow indirect block.The nf_tables can use the
>> indr block architecture.
>>
&
From: wenxu
When call flow_block_cb_is_busy. The indr_priv is guaranteed to
NULL ptr. So there is no need to call flow_bock_cb_is_busy.
Fixes: 0d4fd02e7199 ("net: flow_offload: add flow_block_cb_is_busy() and use
it")
Signed-off-by: wenxu
---
drivers/net/ethernet/mellanox/mlx5/cor
From: wenxu
This series patch make nftables offload support the vlan and
tunnel device offload through indr-block architecture.
The first patch mv tc indr block to flow offload and rename
to flow-indr-block.
Because the new flow-indr-block can't get the tcf_block
directly. The second
From: wenxu
When thre indr device register, it can get the default block
from tc immediately if the block is exist.
Signed-off-by: wenxu
---
v3: no change
v4: get tc default block without callback
include/net/pkt_cls.h | 7 +++
net/core/flow_offload.c | 2 ++
net/sched/cls_api.c
From: wenxu
nftable support indr-block call. It makes nftable an offload vlan
and tunnel device.
nft add table netdev firewall
nft add chain netdev firewall aclout { type filter hook ingress offload device
mlx_pf0vf0 priority - 300 \; }
nft add rule netdev firewall aclout ip daddr 10.0.0.1 fwd
From: wenxu
move tc indirect block to flow_offload and rename
it to flow indirect block.The nf_tables can use the
indr block architecture.
Signed-off-by: wenxu
---
v3: subsys_initcall for init_flow_indr_rhashtable
v4: no change
drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 10
On 7/29/2019 4:16 AM, Jakub Kicinski wrote:
> .
> The TC default block is there because the indirect registration may
> happen _after_ the block is installed and populated. It's the device
> driver that usually does the indirect registration, the tunnel device
> and its rules may already be set
Hi pablo
Any suggestion for this case. Tthe 0 prio vlaue for driver is an invalid
priority. So What should we do for this
case? Currently there is no prio for each nft rules.
BR
wenxu
On 7/25/2019 11:45 AM, Marcelo Ricardo Leitner wrote:
> On Thu, Jul 25, 2019 at 11:03:52AM +0800, we
On 7/29/2019 12:42 PM, Jakub Kicinski wrote:
> On Mon, 29 Jul 2019 10:43:56 +0800, wenxu wrote:
>> On 7/29/2019 4:16 AM, Jakub Kicinski wrote:
>>> I don't know the nft code, but it seems unlikely it wouldn't have the
>>> same problem/need..
>> nft don
On 7/29/2019 12:42 PM, Jakub Kicinski wrote:
> On Mon, 29 Jul 2019 10:43:56 +0800, wenxu wrote:
>> On 7/29/2019 4:16 AM, Jakub Kicinski wrote:
>>> I don't know the nft code, but it seems unlikely it wouldn't have the
>>> same problem/need..
>> nft don
在 2019/7/29 19:13, Jiri Pirko 写道:
> Sun, Jul 28, 2019 at 08:52:47AM CEST, we...@ucloud.cn wrote:
>> From: wenxu
>>
>> move tc indirect block to flow_offload and rename
>> it to flow indirect block.The nf_tables can use the
>> indr block architecture.
>>
在 2019/7/30 0:55, Jakub Kicinski 写道:
> On Mon, 29 Jul 2019 15:18:03 +0800, wenxu wrote:
>> On 7/29/2019 12:42 PM, Jakub Kicinski wrote:
>>> On Mon, 29 Jul 2019 10:43:56 +0800, wenxu wrote:
>>>> On 7/29/2019 4:16 AM, Jakub Kicinski wrote:
>>>>> I d
From: wenxu
This series patch make nftables offload support the vlan and
tunnel device offload through indr-block architecture.
The first four patches mv tc indr block to flow offload and
rename to flow-indr-block.
Because the new flow-indr-block can't get the tcf_block
directly. The f
From: wenxu
move tc indirect block to flow_offload and rename
it to flow indirect block.The nf_tables can use the
indr block architecture.
Signed-off-by: wenxu
---
drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 10 +-
.../net/ethernet/netronome/nfp/flower/offload.c| 11 +-
include
From: wenxu
This patch make tc_indr_block_dev can separate from tc subsystem
Signed-off-by: wenxu
---
net/sched/cls_api.c | 31 ++-
1 file changed, 22 insertions(+), 9 deletions(-)
diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
index 2e3b58d..f9643fa
From: wenxu
This patch make tc_indr_block_ing_cmd can't access struct
tc_indr_block_dev and tc_indr_block_cb.
Signed-off-by: wenxu
---
net/sched/cls_api.c | 26 +++---
1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/net/sched/cls_api.c b/net/sched/cls_
From: wenxu
nftable support indr-block call. It makes nftable an offload vlan
and tunnel device.
nft add table netdev firewall
nft add chain netdev firewall aclout { type filter hook ingress offload device
mlx_pf0vf0 priority - 300 \; }
nft add rule netdev firewall aclout ip daddr 10.0.0.1 fwd
From: wenxu
The new flow-indr-block can't get the tcf_block
directly. It provide a callback list to find the flow_block immediately
when the device register and contain a ingress block.
Signed-off-by: wenxu
---
include/net/flow_offload.h | 17 +
net/core/flow_offload.c
From: wenxu
This patch make indr_block_call don't access struct tc_indr_block_cb
and tc_indr_block_dev directly
Signed-off-by: wenxu
---
net/sched/cls_api.c | 33 -
1 file changed, 20 insertions(+), 13 deletions(-)
diff --git a/net/sched/cls_api.c b/net/
From: wenxu
This patch make tc_indr_block_ing_cmd can't access struct
tc_indr_block_dev and tc_indr_block_cb.
Signed-off-by: wenxu
---
v5: new patch
net/sched/cls_api.c | 26 +++---
1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/net/sched/cls_api.c
From: wenxu
The new flow-indr-block can't get the tcf_block
directly. It provide a callback list to find the flow_block immediately
when the device register and contain a ingress block.
Signed-off-by: wenxu
---
v5: add get_block_cb_list for both nft and tc
include/net/flow_offload.h
From: wenxu
This series patch make nftables offload support the vlan and
tunnel device offload through indr-block architecture.
The first four patches mv tc indr block to flow offload and
rename to flow-indr-block.
Because the new flow-indr-block can't get the tcf_block
directly. The f
From: wenxu
move tc indirect block to flow_offload and rename
it to flow indirect block.The nf_tables can use the
indr block architecture.
Signed-off-by: wenxu
---
v5: make flow_indr_block_cb/dev in c file
drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 10 +-
.../net/ethernet
From: wenxu
This patch make tc_indr_block_dev can separate from tc subsystem
Signed-off-by: wenxu
---
v5: new patch
net/sched/cls_api.c | 31 ++-
1 file changed, 22 insertions(+), 9 deletions(-)
diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
index 2e3b58d
From: wenxu
This patch make indr_block_call don't access struct tc_indr_block_cb
and tc_indr_block_dev directly
Signed-off-by: wenxu
---
v5: new patch
net/sched/cls_api.c | 33 -
1 file changed, 20 insertions(+), 13 deletions(-)
diff --git a/net/
From: wenxu
nftable support indr-block call. It makes nftable an offload vlan
and tunnel device.
nft add table netdev firewall
nft add chain netdev firewall aclout { type filter hook ingress offload device
mlx_pf0vf0 priority - 300 \; }
nft add rule netdev firewall aclout ip daddr 10.0.0.1 fwd
On 8/1/2019 11:58 AM, Yunsheng Lin wrote:
> On 2019/8/1 11:03, we...@ucloud.cn wrote:
>> From: wenxu
>>
>> nftable support indr-block call. It makes nftable an offload vlan
>> and tunnel device.
>>
>> nft add table netdev firewall
>> nft add ch
On 8/2/2019 7:11 AM, Jakub Kicinski wrote:
> On Thu, 1 Aug 2019 11:03:46 +0800, we...@ucloud.cn wrote:
>> From: wenxu
>>
>> The new flow-indr-block can't get the tcf_block
>> directly. It provide a callback list to find the flow_block immediately
>>
On 8/2/2019 7:11 AM, Jakub Kicinski wrote:
> On Thu, 1 Aug 2019 11:03:46 +0800, we...@ucloud.cn wrote:
>> From: wenxu
>>
>> The new flow-indr-block can't get the tcf_block
>> directly. It provide a callback list to find the flow_block immediately
>>
在 2019/8/2 18:45, wenxu 写道:
> On 8/2/2019 7:11 AM, Jakub Kicinski wrote:
>> On Thu, 1 Aug 2019 11:03:46 +0800, we...@ucloud.cn wrote:
>>> From: wenxu
>>>
>>> The new flow-indr-block can't get the tcf_block
>>> directly. It provide a callback li
在 2019/8/3 2:02, Jakub Kicinski 写道:
> On Fri, 2 Aug 2019 21:09:03 +0800, wenxu wrote:
>>>> We'd have something like the loop in flow_get_default_block():
>>>>
>>>>for each (subsystem)
>>>>subsystem->handle_new_indir_cb(
在 2019/8/3 8:21, Jakub Kicinski 写道:
> On Sat, 3 Aug 2019 07:19:31 +0800, wenxu wrote:
>>> Or:
>>>
>>> device unregister:
>>> - nft block destroy
>>> - UNBIND cb
>>> - free driver's block state
>>> - driver n
From: wenxu
This series patch make nftables offload support the vlan and
tunnel device offload through indr-block architecture.
The first four patches mv tc indr block to flow offload and
rename to flow-indr-block.
Because the new flow-indr-block can't get the tcf_block
directly. The
From: wenxu
This patch make indr_block_call don't access struct tc_indr_block_cb
and tc_indr_block_dev directly
Signed-off-by: wenxu
---
v6: no change
net/sched/cls_api.c | 27 +--
1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/net/sched/cls_ap
From: wenxu
It provide a callback list to find the blocks of tc
and nft subsystems
Signed-off-by: wenxu
---
v6: new patch
include/net/flow_offload.h | 10 +-
net/core/flow_offload.c| 47 +-
net/sched/cls_api.c| 9 -
3
From: wenxu
This patch make tc_indr_block_ing_cmd can't access struct
tc_indr_block_dev and tc_indr_block_cb.
Signed-off-by: wenxu
---
v6: no change
net/sched/cls_api.c | 26 +++---
1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/net/sched/cls_api.c
From: wenxu
Remove the tcf_block in the tc_indr_block_dev for muti-subsystem
support.
Signed-off-by: wenxu
---
v6: new patch
net/sched/cls_api.c | 16
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
index 2e3b58d
From: wenxu
nftable support indr-block call. It makes nftable an offload vlan
and tunnel device.
nft add table netdev firewall
nft add chain netdev firewall aclout { type filter hook ingress offload device
mlx_pf0vf0 priority - 300 \; }
nft add rule netdev firewall aclout ip daddr 10.0.0.1 fwd
From: wenxu
move tc indirect block to flow_offload and rename
it to flow indirect block.The nf_tables can use the
indr block architecture.
Signed-off-by: wenxu
---
v6: add a block_get_and_ing_cmd callback
drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 10 +-
.../net/ethernet/netronome
v5 contain this patch but with non-version tag,
I used --subject-prefix in git-format-patch. I am sorry to make a mistake when
modify the
commit log. So should I repost the v6?
On 8/5/2019 2:02 PM, Jiri Pirko wrote:
> Re subject. You don't have "v5" in this patch. I don't understand how
> tha
在 2019/8/7 0:10, Pablo Neira Ayuso 写道:
> On Sun, Aug 04, 2019 at 09:24:00PM +0800, we...@ucloud.cn wrote:
>> diff --git a/include/net/flow_offload.h b/include/net/flow_offload.h
>> index 8f1a7b8..6022dd0 100644
>> --- a/include/net/flow_offload.h
>> +++ b/include/net/flow_offload.h
> [...]
>> @@
在 2019/8/7 0:10, Pablo Neira Ayuso 写道:
>
>>
>> +void flow_indr_add_block_ing_cb(struct flow_indr_block_ing_entry *entry)
>> +{
> ... but registration does not protect the list with a mutex.
>
>> +list_add_tail_rcu(&entry->list, &block_ing_cb_list);
>> +}
>> +EXPORT_SYMBOL_GPL(flow_indr_add_
From: wenxu
nftable support indr-block call. It makes nftable an offload vlan
and tunnel device.
nft add table netdev firewall
nft add chain netdev firewall aclout { type filter hook ingress offload device
mlx_pf0vf0 priority - 300 \; }
nft add rule netdev firewall aclout ip daddr 10.0.0.1 fwd
From: wenxu
This patch make indr_block_call don't access struct tc_indr_block_cb
and tc_indr_block_dev directly
Signed-off-by: wenxu
Acked-by: Jakub Kicinski
---
v7: no change
net/sched/cls_api.c | 27 +--
1 file changed, 17 insertions(+), 10 deletions(-)
diff
From: wenxu
move tc indirect block to flow_offload and rename
it to flow indirect block.The nf_tables can use the
indr block architecture.
Signed-off-by: wenxu
Acked-by: Jakub Kicinski
---
v7: no change
drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 10 +-
.../net/ethernet/netronome
From: wenxu
Remove the tcf_block in the tc_indr_block_dev for muti-subsystem
support.
Signed-off-by: wenxu
Acked-by: Jakub Kicinski
---
v7: no change
net/sched/cls_api.c | 16
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/net/sched/cls_api.c b/net/sched
From: wenxu
This series patch make nftables offload support the vlan and
tunnel device offload through indr-block architecture.
The first four patches mv tc indr block to flow offload and
rename to flow-indr-block.
Because the new flow-indr-block can't get the tcf_block
directly. The
From: wenxu
It provide a callback list to find the blocks of tc
and nft subsystems
Signed-off-by: wenxu
Acked-by: Jakub Kicinski
---
v7: add a mutex lock for add/del flow_indr_block_ing_cb
include/net/flow_offload.h | 10 -
net/core/flow_offload.c| 51
From: wenxu
This patch make tc_indr_block_ing_cmd can't access struct
tc_indr_block_dev and tc_indr_block_cb.
Signed-off-by: wenxu
Acked-by: Jakub Kicinski
---
v7: no change
net/sched/cls_api.c | 26 +++---
1 file changed, 15 insertions(+), 11 deletions(-)
diff --
-hw-rx-offload: off [fixed]
But I found the RX offload is not supported currently?
I found the mlx5_accel_is_ktls_rx(mdev) will return false and it leads this
feature
not supported. So it means the current FW also does not support RX offload?
BR
wenxu
From: wenxu
This patch add the TCA_FLOWER_KEY_CT_FLAGS_INVALID flag to
match the ct_state with invalid for conntrack.
Signed-off-by: wenxu
---
include/linux/skbuff.h | 4 ++--
include/net/sch_generic.h| 1 +
include/uapi/linux/pkt_cls.h | 1 +
net/core/dev.c | 2
On 1/19/2021 2:21 AM, Marcelo Ricardo Leitner wrote:
> On Mon, Jan 18, 2021 at 01:18:47PM +0800, we...@ucloud.cn wrote:
> ...
>> --- a/net/sched/cls_flower.c
>> +++ b/net/sched/cls_flower.c
>> @@ -305,6 +305,9 @@ static int fl_classify(struct sk_buff *skb, const struct
>> tcf_proto *tp,
>>
From: wenxu
This patch add the TCA_FLOWER_KEY_CT_FLAGS_INVALID flag to
match the ct_state with invalid for conntrack.
Signed-off-by: wenxu
---
v2: initialize post_ct right on the declaration
include/linux/skbuff.h | 4 ++--
include/net/sch_generic.h| 1 +
include/uapi/linux
From: wenxu
Matches on conntrack inv ct_state.
Signed-off-by: wenxu
---
include/uapi/linux/pkt_cls.h | 1 +
man/man8/tc-flower.8 | 2 ++
tc/f_flower.c| 1 +
3 files changed, 4 insertions(+)
diff --git a/include/uapi/linux/pkt_cls.h b/include/uapi/linux/pkt_cls.h
index
From: wenxu
Matches on conntrack inv ct_state.
Signed-off-by: wenxu
---
v2: change the description
include/uapi/linux/pkt_cls.h | 1 +
man/man8/tc-flower.8 | 2 ++
tc/f_flower.c| 1 +
3 files changed, 4 insertions(+)
diff --git a/include/uapi/linux/pkt_cls.h b
On 1/21/2021 9:09 AM, Cong Wang wrote:
> On Wed, Jan 20, 2021 at 3:40 PM Marcelo Ricardo Leitner
> wrote:
>> On Wed, Jan 20, 2021 at 02:18:41PM -0800, Cong Wang wrote:
>>> On Tue, Jan 19, 2021 at 12:33 AM wrote:
diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index
在 2020/11/18 15:00, Cong Wang 写道:
> On Tue, Nov 17, 2020 at 5:37 PM wrote:
>> From: wenxu
>>
>> Currently kernel tc subsystem can do conntrack in cat_ct. But when several
>> fragment packets go through the act_ct, function tcf_ct_handle_fragments
>> will def
From: wenxu
This one is prepare for the next patch.
Signed-off-by: wenxu
---
v3: no change
include/net/sch_generic.h | 5 -
net/sched/act_mirred.c| 21 +++--
2 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/include/net/sch_generic.h b/include/net
From: wenxu
Currently kernel tc subsystem can do conntrack in act_ct. But when several
fragment packets go through the act_ct, function tcf_ct_handle_fragments
will defrag the packets to a big one. But the last action will redirect
mirred to a device which maybe lead the reassembly big packet
From: wenxu
Currently kernel tc subsystem can do conntrack in cat_ct. But when several
fragment packets go through the act_ct, function tcf_ct_handle_fragments
will defrag the packets to a big one. But the last action will redirect
mirred to a device which maybe lead the reassembly big packet
From: wenxu
The mru in the qdisc_skb_cb should be init as 0. Only defrag packets in the
act_ct will set the value.
Fixes: 038ebb1a713d ("net/sched: act_ct: fix miss set mru for ovs after defrag
in act_ct")
Signed-off-by: wenxu
---
v3: no change
net/core/dev.c | 2 ++
1 file
在 2020/11/25 3:24, Jakub Kicinski 写道:
> On Fri, 20 Nov 2020 07:38:36 +0800 we...@ucloud.cn wrote:
>> +int tcf_dev_queue_xmit(struct sk_buff *skb, int (*xmit)(struct sk_buff
>> *skb))
>> +{
>> +xmit_hook_func *xmit_hook;
>> +
>> +xmit_hook = rcu_dereference(tcf_xmit_hook);
>> +if (xmi
From: wenxu
Currently kernel tc subsystem can do conntrack in act_ct. But when several
fragment packets go through the act_ct, function tcf_ct_handle_fragments
will defrag the packets to a big one. But the last action will redirect
mirred to a device which maybe lead the reassembly big packet
From: wenxu
This one is prepare for the next patch.
Signed-off-by: wenxu
---
v4: no change
include/net/sch_generic.h | 5 -
net/sched/act_mirred.c| 21 +++--
2 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/include/net/sch_generic.h b/include/net
From: wenxu
The mru in the qdisc_skb_cb should be init as 0. Only defrag packets in the
act_ct will set the value.
Fixes: 038ebb1a713d ("net/sched: act_ct: fix miss set mru for ovs after defrag
in act_ct")
Signed-off-by: wenxu
---
v4: no change
net/core/dev.c | 2 ++
1 file
From: wenxu
Currently kernel tc subsystem can do conntrack in cat_ct. But when several
fragment packets go through the act_ct, function tcf_ct_handle_fragments
will defrag the packets to a big one. But the last action will redirect
mirred to a device which maybe lead the reassembly big packet
; - nf_ct_acct_update(ct, dir, skb->len);
> + if (nf_ft->flags & NF_FLOWTABLE_COUNTER)
> + nf_ct_acct_update(ct, dir, skb->len);
>
> return true;
> }
Acked-by: wenxu
BR
wenxu
在 2020/11/9 21:24, Vlad Buslov 写道:
> On Sun 08 Nov 2020 at 01:30, we...@ucloud.cn wrote:
>> From: wenxu
>>
>> Currently kernel tc subsystem can do conntrack in act_ct. But when several
>> fragment packets go through the act_ct, function tcf_ct_handle_fragments
>
From: wenxu
Currently kernel tc subsystem can do conntrack in act_ct. But when several
fragment packets go through the act_ct, function tcf_ct_handle_fragments
will defrag the packets to a big one. But the last action will redirect
mirred to a device which maybe lead the reassembly big packet
From: wenxu
The mru in the qdisc_skb_cb should be init as 0. Only defrag packets in the
act_ct will set the value.
Fixes: 038ebb1a713d ("net/sched: act_ct: fix miss set mru for ovs after defrag
in act_ct")
Signed-off-by: wenxu
---
v5: new patch
v6: no change
net/core/dev.c | 2
From: wenxu
This one is prepare for the next patch.
Signed-off-by: wenxu
---
v6: no change
include/net/sch_generic.h | 5 -
net/sched/act_mirred.c| 21 +++--
2 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/include/net/sch_generic.h b/include/net
From: wenxu
Currently kernel tc subsystem can do conntrack in cat_ct. But when several
fragment packets go through the act_ct, function tcf_ct_handle_fragments
will defrag the packets to a big one. But the last action will redirect
mirred to a device which maybe lead the reassembly big packet
From: wenxu
This one is prepare for the next patch.
Signed-off-by: wenxu
---
v7: no change
include/net/sch_generic.h | 5 -
net/sched/act_mirred.c| 21 +++--
2 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/include/net/sch_generic.h b/include/net
From: wenxu
Currently kernel tc subsystem can do conntrack in cat_ct. But when several
fragment packets go through the act_ct, function tcf_ct_handle_fragments
will defrag the packets to a big one. But the last action will redirect
mirred to a device which maybe lead the reassembly big packet
From: wenxu
Currently kernel tc subsystem can do conntrack in act_ct. But when several
fragment packets go through the act_ct, function tcf_ct_handle_fragments
will defrag the packets to a big one. But the last action will redirect
mirred to a device which maybe lead the reassembly big packet
1 - 100 of 405 matches
Mail list logo
