Commit 1a441a9b authored by Vlad Buslov's avatar Vlad Buslov Committed by David S. Miller

netfilter: flowtable: cache info of last offload

Modify flow table offload to cache the last ct info status that was passed
to the driver offload callbacks by extending enum nf_flow_flags with new
"NF_FLOW_HW_ESTABLISHED" flag. Set the flag if ctinfo was 'established'
during last act_ct meta actions fill call. This infrastructure change is
necessary to optimize promoting of UDP connections from 'new' to
'established' in following patches in this series.
Signed-off-by: default avatarVlad Buslov <vladbu@nvidia.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 8f84780b
...@@ -57,7 +57,7 @@ struct nf_flowtable_type { ...@@ -57,7 +57,7 @@ struct nf_flowtable_type {
struct net_device *dev, struct net_device *dev,
enum flow_block_command cmd); enum flow_block_command cmd);
int (*action)(struct net *net, int (*action)(struct net *net,
const struct flow_offload *flow, struct flow_offload *flow,
enum flow_offload_tuple_dir dir, enum flow_offload_tuple_dir dir,
struct nf_flow_rule *flow_rule); struct nf_flow_rule *flow_rule);
void (*free)(struct nf_flowtable *ft); void (*free)(struct nf_flowtable *ft);
...@@ -165,6 +165,7 @@ enum nf_flow_flags { ...@@ -165,6 +165,7 @@ enum nf_flow_flags {
NF_FLOW_HW_DEAD, NF_FLOW_HW_DEAD,
NF_FLOW_HW_PENDING, NF_FLOW_HW_PENDING,
NF_FLOW_HW_BIDIRECTIONAL, NF_FLOW_HW_BIDIRECTIONAL,
NF_FLOW_HW_ESTABLISHED,
}; };
enum flow_offload_type { enum flow_offload_type {
...@@ -313,10 +314,10 @@ void nf_flow_table_offload_flush_cleanup(struct nf_flowtable *flowtable); ...@@ -313,10 +314,10 @@ void nf_flow_table_offload_flush_cleanup(struct nf_flowtable *flowtable);
int nf_flow_table_offload_setup(struct nf_flowtable *flowtable, int nf_flow_table_offload_setup(struct nf_flowtable *flowtable,
struct net_device *dev, struct net_device *dev,
enum flow_block_command cmd); enum flow_block_command cmd);
int nf_flow_rule_route_ipv4(struct net *net, const struct flow_offload *flow, int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow,
enum flow_offload_tuple_dir dir, enum flow_offload_tuple_dir dir,
struct nf_flow_rule *flow_rule); struct nf_flow_rule *flow_rule);
int nf_flow_rule_route_ipv6(struct net *net, const struct flow_offload *flow, int nf_flow_rule_route_ipv6(struct net *net, struct flow_offload *flow,
enum flow_offload_tuple_dir dir, enum flow_offload_tuple_dir dir,
struct nf_flow_rule *flow_rule); struct nf_flow_rule *flow_rule);
......
...@@ -39,7 +39,7 @@ nf_flow_offload_inet_hook(void *priv, struct sk_buff *skb, ...@@ -39,7 +39,7 @@ nf_flow_offload_inet_hook(void *priv, struct sk_buff *skb,
} }
static int nf_flow_rule_route_inet(struct net *net, static int nf_flow_rule_route_inet(struct net *net,
const struct flow_offload *flow, struct flow_offload *flow,
enum flow_offload_tuple_dir dir, enum flow_offload_tuple_dir dir,
struct nf_flow_rule *flow_rule) struct nf_flow_rule *flow_rule)
{ {
......
...@@ -679,7 +679,7 @@ nf_flow_rule_route_common(struct net *net, const struct flow_offload *flow, ...@@ -679,7 +679,7 @@ nf_flow_rule_route_common(struct net *net, const struct flow_offload *flow,
return 0; return 0;
} }
int nf_flow_rule_route_ipv4(struct net *net, const struct flow_offload *flow, int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow,
enum flow_offload_tuple_dir dir, enum flow_offload_tuple_dir dir,
struct nf_flow_rule *flow_rule) struct nf_flow_rule *flow_rule)
{ {
...@@ -704,7 +704,7 @@ int nf_flow_rule_route_ipv4(struct net *net, const struct flow_offload *flow, ...@@ -704,7 +704,7 @@ int nf_flow_rule_route_ipv4(struct net *net, const struct flow_offload *flow,
} }
EXPORT_SYMBOL_GPL(nf_flow_rule_route_ipv4); EXPORT_SYMBOL_GPL(nf_flow_rule_route_ipv4);
int nf_flow_rule_route_ipv6(struct net *net, const struct flow_offload *flow, int nf_flow_rule_route_ipv6(struct net *net, struct flow_offload *flow,
enum flow_offload_tuple_dir dir, enum flow_offload_tuple_dir dir,
struct nf_flow_rule *flow_rule) struct nf_flow_rule *flow_rule)
{ {
...@@ -735,7 +735,7 @@ nf_flow_offload_rule_alloc(struct net *net, ...@@ -735,7 +735,7 @@ nf_flow_offload_rule_alloc(struct net *net,
{ {
const struct nf_flowtable *flowtable = offload->flowtable; const struct nf_flowtable *flowtable = offload->flowtable;
const struct flow_offload_tuple *tuple, *other_tuple; const struct flow_offload_tuple *tuple, *other_tuple;
const struct flow_offload *flow = offload->flow; struct flow_offload *flow = offload->flow;
struct dst_entry *other_dst = NULL; struct dst_entry *other_dst = NULL;
struct nf_flow_rule *flow_rule; struct nf_flow_rule *flow_rule;
int err = -ENOMEM; int err = -ENOMEM;
......
...@@ -170,11 +170,11 @@ tcf_ct_flow_table_add_action_nat_udp(const struct nf_conntrack_tuple *tuple, ...@@ -170,11 +170,11 @@ tcf_ct_flow_table_add_action_nat_udp(const struct nf_conntrack_tuple *tuple,
static void tcf_ct_flow_table_add_action_meta(struct nf_conn *ct, static void tcf_ct_flow_table_add_action_meta(struct nf_conn *ct,
enum ip_conntrack_dir dir, enum ip_conntrack_dir dir,
enum ip_conntrack_info ctinfo,
struct flow_action *action) struct flow_action *action)
{ {
struct nf_conn_labels *ct_labels; struct nf_conn_labels *ct_labels;
struct flow_action_entry *entry; struct flow_action_entry *entry;
enum ip_conntrack_info ctinfo;
u32 *act_ct_labels; u32 *act_ct_labels;
entry = tcf_ct_flow_table_flow_action_get_next(action); entry = tcf_ct_flow_table_flow_action_get_next(action);
...@@ -182,8 +182,6 @@ static void tcf_ct_flow_table_add_action_meta(struct nf_conn *ct, ...@@ -182,8 +182,6 @@ static void tcf_ct_flow_table_add_action_meta(struct nf_conn *ct,
#if IS_ENABLED(CONFIG_NF_CONNTRACK_MARK) #if IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)
entry->ct_metadata.mark = READ_ONCE(ct->mark); entry->ct_metadata.mark = READ_ONCE(ct->mark);
#endif #endif
ctinfo = dir == IP_CT_DIR_ORIGINAL ? IP_CT_ESTABLISHED :
IP_CT_ESTABLISHED_REPLY;
/* aligns with the CT reference on the SKB nf_ct_set */ /* aligns with the CT reference on the SKB nf_ct_set */
entry->ct_metadata.cookie = (unsigned long)ct | ctinfo; entry->ct_metadata.cookie = (unsigned long)ct | ctinfo;
entry->ct_metadata.orig_dir = dir == IP_CT_DIR_ORIGINAL; entry->ct_metadata.orig_dir = dir == IP_CT_DIR_ORIGINAL;
...@@ -237,22 +235,26 @@ static int tcf_ct_flow_table_add_action_nat(struct net *net, ...@@ -237,22 +235,26 @@ static int tcf_ct_flow_table_add_action_nat(struct net *net,
} }
static int tcf_ct_flow_table_fill_actions(struct net *net, static int tcf_ct_flow_table_fill_actions(struct net *net,
const struct flow_offload *flow, struct flow_offload *flow,
enum flow_offload_tuple_dir tdir, enum flow_offload_tuple_dir tdir,
struct nf_flow_rule *flow_rule) struct nf_flow_rule *flow_rule)
{ {
struct flow_action *action = &flow_rule->rule->action; struct flow_action *action = &flow_rule->rule->action;
int num_entries = action->num_entries; int num_entries = action->num_entries;
struct nf_conn *ct = flow->ct; struct nf_conn *ct = flow->ct;
enum ip_conntrack_info ctinfo;
enum ip_conntrack_dir dir; enum ip_conntrack_dir dir;
int i, err; int i, err;
switch (tdir) { switch (tdir) {
case FLOW_OFFLOAD_DIR_ORIGINAL: case FLOW_OFFLOAD_DIR_ORIGINAL:
dir = IP_CT_DIR_ORIGINAL; dir = IP_CT_DIR_ORIGINAL;
ctinfo = IP_CT_ESTABLISHED;
set_bit(NF_FLOW_HW_ESTABLISHED, &flow->flags);
break; break;
case FLOW_OFFLOAD_DIR_REPLY: case FLOW_OFFLOAD_DIR_REPLY:
dir = IP_CT_DIR_REPLY; dir = IP_CT_DIR_REPLY;
ctinfo = IP_CT_ESTABLISHED_REPLY;
break; break;
default: default:
return -EOPNOTSUPP; return -EOPNOTSUPP;
...@@ -262,7 +264,7 @@ static int tcf_ct_flow_table_fill_actions(struct net *net, ...@@ -262,7 +264,7 @@ static int tcf_ct_flow_table_fill_actions(struct net *net,
if (err) if (err)
goto err_nat; goto err_nat;
tcf_ct_flow_table_add_action_meta(ct, dir, action); tcf_ct_flow_table_add_action_meta(ct, dir, ctinfo, action);
return 0; return 0;
err_nat: err_nat:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment