netfilter: flowtable: cache info of last offload
Modify flow table offload to cache the last ct info status that was passed to the driver offload callbacks by extending enum nf_flow_flags with new "NF_FLOW_HW_ESTABLISHED" flag. Set the flag if ctinfo was 'established' during last act_ct meta actions fill call. This infrastructure change is necessary to optimize promoting of UDP connections from 'new' to 'established' in following patches in this series. Signed-off-by: Vlad Buslov <vladbu@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
8f84780b84
commit
1a441a9b8b
@ -57,7 +57,7 @@ struct nf_flowtable_type {
|
||||
struct net_device *dev,
|
||||
enum flow_block_command cmd);
|
||||
int (*action)(struct net *net,
|
||||
const struct flow_offload *flow,
|
||||
struct flow_offload *flow,
|
||||
enum flow_offload_tuple_dir dir,
|
||||
struct nf_flow_rule *flow_rule);
|
||||
void (*free)(struct nf_flowtable *ft);
|
||||
@ -165,6 +165,7 @@ enum nf_flow_flags {
|
||||
NF_FLOW_HW_DEAD,
|
||||
NF_FLOW_HW_PENDING,
|
||||
NF_FLOW_HW_BIDIRECTIONAL,
|
||||
NF_FLOW_HW_ESTABLISHED,
|
||||
};
|
||||
|
||||
enum flow_offload_type {
|
||||
@ -313,10 +314,10 @@ void nf_flow_table_offload_flush_cleanup(struct nf_flowtable *flowtable);
|
||||
int nf_flow_table_offload_setup(struct nf_flowtable *flowtable,
|
||||
struct net_device *dev,
|
||||
enum flow_block_command cmd);
|
||||
int nf_flow_rule_route_ipv4(struct net *net, const struct flow_offload *flow,
|
||||
int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow,
|
||||
enum flow_offload_tuple_dir dir,
|
||||
struct nf_flow_rule *flow_rule);
|
||||
int nf_flow_rule_route_ipv6(struct net *net, const struct flow_offload *flow,
|
||||
int nf_flow_rule_route_ipv6(struct net *net, struct flow_offload *flow,
|
||||
enum flow_offload_tuple_dir dir,
|
||||
struct nf_flow_rule *flow_rule);
|
||||
|
||||
|
@ -39,7 +39,7 @@ nf_flow_offload_inet_hook(void *priv, struct sk_buff *skb,
|
||||
}
|
||||
|
||||
static int nf_flow_rule_route_inet(struct net *net,
|
||||
const struct flow_offload *flow,
|
||||
struct flow_offload *flow,
|
||||
enum flow_offload_tuple_dir dir,
|
||||
struct nf_flow_rule *flow_rule)
|
||||
{
|
||||
|
@ -679,7 +679,7 @@ nf_flow_rule_route_common(struct net *net, const struct flow_offload *flow,
|
||||
return 0;
|
||||
}
|
||||
|
||||
int nf_flow_rule_route_ipv4(struct net *net, const struct flow_offload *flow,
|
||||
int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow,
|
||||
enum flow_offload_tuple_dir dir,
|
||||
struct nf_flow_rule *flow_rule)
|
||||
{
|
||||
@ -704,7 +704,7 @@ int nf_flow_rule_route_ipv4(struct net *net, const struct flow_offload *flow,
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(nf_flow_rule_route_ipv4);
|
||||
|
||||
int nf_flow_rule_route_ipv6(struct net *net, const struct flow_offload *flow,
|
||||
int nf_flow_rule_route_ipv6(struct net *net, struct flow_offload *flow,
|
||||
enum flow_offload_tuple_dir dir,
|
||||
struct nf_flow_rule *flow_rule)
|
||||
{
|
||||
@ -735,7 +735,7 @@ nf_flow_offload_rule_alloc(struct net *net,
|
||||
{
|
||||
const struct nf_flowtable *flowtable = offload->flowtable;
|
||||
const struct flow_offload_tuple *tuple, *other_tuple;
|
||||
const struct flow_offload *flow = offload->flow;
|
||||
struct flow_offload *flow = offload->flow;
|
||||
struct dst_entry *other_dst = NULL;
|
||||
struct nf_flow_rule *flow_rule;
|
||||
int err = -ENOMEM;
|
||||
|
@ -170,11 +170,11 @@ tcf_ct_flow_table_add_action_nat_udp(const struct nf_conntrack_tuple *tuple,
|
||||
|
||||
static void tcf_ct_flow_table_add_action_meta(struct nf_conn *ct,
|
||||
enum ip_conntrack_dir dir,
|
||||
enum ip_conntrack_info ctinfo,
|
||||
struct flow_action *action)
|
||||
{
|
||||
struct nf_conn_labels *ct_labels;
|
||||
struct flow_action_entry *entry;
|
||||
enum ip_conntrack_info ctinfo;
|
||||
u32 *act_ct_labels;
|
||||
|
||||
entry = tcf_ct_flow_table_flow_action_get_next(action);
|
||||
@ -182,8 +182,6 @@ static void tcf_ct_flow_table_add_action_meta(struct nf_conn *ct,
|
||||
#if IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)
|
||||
entry->ct_metadata.mark = READ_ONCE(ct->mark);
|
||||
#endif
|
||||
ctinfo = dir == IP_CT_DIR_ORIGINAL ? IP_CT_ESTABLISHED :
|
||||
IP_CT_ESTABLISHED_REPLY;
|
||||
/* aligns with the CT reference on the SKB nf_ct_set */
|
||||
entry->ct_metadata.cookie = (unsigned long)ct | ctinfo;
|
||||
entry->ct_metadata.orig_dir = dir == IP_CT_DIR_ORIGINAL;
|
||||
@ -237,22 +235,26 @@ static int tcf_ct_flow_table_add_action_nat(struct net *net,
|
||||
}
|
||||
|
||||
static int tcf_ct_flow_table_fill_actions(struct net *net,
|
||||
const struct flow_offload *flow,
|
||||
struct flow_offload *flow,
|
||||
enum flow_offload_tuple_dir tdir,
|
||||
struct nf_flow_rule *flow_rule)
|
||||
{
|
||||
struct flow_action *action = &flow_rule->rule->action;
|
||||
int num_entries = action->num_entries;
|
||||
struct nf_conn *ct = flow->ct;
|
||||
enum ip_conntrack_info ctinfo;
|
||||
enum ip_conntrack_dir dir;
|
||||
int i, err;
|
||||
|
||||
switch (tdir) {
|
||||
case FLOW_OFFLOAD_DIR_ORIGINAL:
|
||||
dir = IP_CT_DIR_ORIGINAL;
|
||||
ctinfo = IP_CT_ESTABLISHED;
|
||||
set_bit(NF_FLOW_HW_ESTABLISHED, &flow->flags);
|
||||
break;
|
||||
case FLOW_OFFLOAD_DIR_REPLY:
|
||||
dir = IP_CT_DIR_REPLY;
|
||||
ctinfo = IP_CT_ESTABLISHED_REPLY;
|
||||
break;
|
||||
default:
|
||||
return -EOPNOTSUPP;
|
||||
@ -262,7 +264,7 @@ static int tcf_ct_flow_table_fill_actions(struct net *net,
|
||||
if (err)
|
||||
goto err_nat;
|
||||
|
||||
tcf_ct_flow_table_add_action_meta(ct, dir, action);
|
||||
tcf_ct_flow_table_add_action_meta(ct, dir, ctinfo, action);
|
||||
return 0;
|
||||
|
||||
err_nat:
|
||||
|
Loading…
Reference in New Issue
Block a user