On 12/3/2019 6:41 PM, Simon Horman wrote: > On Tue, Dec 03, 2019 at 03:45:24PM +0200, Roi Dayan wrote: >> The following patchset introduces hardware offload of OVS connection >> tracking datapath rules. >> >> OVS uses ct() and recirc() (recirculation) actions and recirc_id()/ct_state() >> matches to support connection tracking. >> >> The datapath rules are in the form of: >> >> recirc_id(0),in_port(dev1),eth_type(0x0800),ct_state(-trk) >> actions:ct(),recirc(2) >> recirc_id(2),in_port(dev1),eth_type(0x0800),ct_state(+trk+est) actions:4 >> >> This patchset will translate ct_state() and recirc_id() matches to tc >> ct_state and chain matches respectively. The datapath actions ct() and >> recirc() >> will be translated to tc actions ct and goto chain respectively. >> >> The tc equivalent commands for the above rules are: >> >> $ tc filter add dev dev1 ingress \ >> prio 1 chain 0 proto ip \ >> flower tcp ct_state -trk \ >> action ct pipe \ >> action goto chain 2 >> >> $ tc filter add dev dev1 ingress \ >> prio 1 chain 2 proto ip \ >> flower tcp ct_state +trk+est \ >> action mirred egress redirect dev dev2 > Hi Roi, > > I understand that this patchset handles adding rules as described above. > But do we also need a patchset to enable offload of NF flowtable, > so conntrack entries are offloaded?
Yes it would be added to tc, then a upcoming kernel patchset you describe will actually offloaded this via act ct -> nf flow table offload like what nft currently does. We will submitting that to linux kernel soon. > > Kind regards, > Simon _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev