mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-28 13:22:57 +00:00
netfilter: flowtable: cache info of last offload
Modify flow table offload to cache the last ct info status that was passed to the driver offload callbacks by extending enum nf_flow_flags with new "NF_FLOW_HW_ESTABLISHED" flag. Set the flag if ctinfo was 'established' during last act_ct meta actions fill call. This infrastructure change is necessary to optimize promoting of UDP connections from 'new' to 'established' in following patches in this series. Signed-off-by: Vlad Buslov <vladbu@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
8f84780b84
commit
1a441a9b8b
4 changed files with 15 additions and 12 deletions
|
@ -57,7 +57,7 @@ struct nf_flowtable_type {
|
||||||
struct net_device *dev,
|
struct net_device *dev,
|
||||||
enum flow_block_command cmd);
|
enum flow_block_command cmd);
|
||||||
int (*action)(struct net *net,
|
int (*action)(struct net *net,
|
||||||
const struct flow_offload *flow,
|
struct flow_offload *flow,
|
||||||
enum flow_offload_tuple_dir dir,
|
enum flow_offload_tuple_dir dir,
|
||||||
struct nf_flow_rule *flow_rule);
|
struct nf_flow_rule *flow_rule);
|
||||||
void (*free)(struct nf_flowtable *ft);
|
void (*free)(struct nf_flowtable *ft);
|
||||||
|
@ -165,6 +165,7 @@ enum nf_flow_flags {
|
||||||
NF_FLOW_HW_DEAD,
|
NF_FLOW_HW_DEAD,
|
||||||
NF_FLOW_HW_PENDING,
|
NF_FLOW_HW_PENDING,
|
||||||
NF_FLOW_HW_BIDIRECTIONAL,
|
NF_FLOW_HW_BIDIRECTIONAL,
|
||||||
|
NF_FLOW_HW_ESTABLISHED,
|
||||||
};
|
};
|
||||||
|
|
||||||
enum flow_offload_type {
|
enum flow_offload_type {
|
||||||
|
@ -313,10 +314,10 @@ void nf_flow_table_offload_flush_cleanup(struct nf_flowtable *flowtable);
|
||||||
int nf_flow_table_offload_setup(struct nf_flowtable *flowtable,
|
int nf_flow_table_offload_setup(struct nf_flowtable *flowtable,
|
||||||
struct net_device *dev,
|
struct net_device *dev,
|
||||||
enum flow_block_command cmd);
|
enum flow_block_command cmd);
|
||||||
int nf_flow_rule_route_ipv4(struct net *net, const struct flow_offload *flow,
|
int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow,
|
||||||
enum flow_offload_tuple_dir dir,
|
enum flow_offload_tuple_dir dir,
|
||||||
struct nf_flow_rule *flow_rule);
|
struct nf_flow_rule *flow_rule);
|
||||||
int nf_flow_rule_route_ipv6(struct net *net, const struct flow_offload *flow,
|
int nf_flow_rule_route_ipv6(struct net *net, struct flow_offload *flow,
|
||||||
enum flow_offload_tuple_dir dir,
|
enum flow_offload_tuple_dir dir,
|
||||||
struct nf_flow_rule *flow_rule);
|
struct nf_flow_rule *flow_rule);
|
||||||
|
|
||||||
|
|
|
@ -39,7 +39,7 @@ nf_flow_offload_inet_hook(void *priv, struct sk_buff *skb,
|
||||||
}
|
}
|
||||||
|
|
||||||
static int nf_flow_rule_route_inet(struct net *net,
|
static int nf_flow_rule_route_inet(struct net *net,
|
||||||
const struct flow_offload *flow,
|
struct flow_offload *flow,
|
||||||
enum flow_offload_tuple_dir dir,
|
enum flow_offload_tuple_dir dir,
|
||||||
struct nf_flow_rule *flow_rule)
|
struct nf_flow_rule *flow_rule)
|
||||||
{
|
{
|
||||||
|
|
|
@ -679,7 +679,7 @@ nf_flow_rule_route_common(struct net *net, const struct flow_offload *flow,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int nf_flow_rule_route_ipv4(struct net *net, const struct flow_offload *flow,
|
int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow,
|
||||||
enum flow_offload_tuple_dir dir,
|
enum flow_offload_tuple_dir dir,
|
||||||
struct nf_flow_rule *flow_rule)
|
struct nf_flow_rule *flow_rule)
|
||||||
{
|
{
|
||||||
|
@ -704,7 +704,7 @@ int nf_flow_rule_route_ipv4(struct net *net, const struct flow_offload *flow,
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(nf_flow_rule_route_ipv4);
|
EXPORT_SYMBOL_GPL(nf_flow_rule_route_ipv4);
|
||||||
|
|
||||||
int nf_flow_rule_route_ipv6(struct net *net, const struct flow_offload *flow,
|
int nf_flow_rule_route_ipv6(struct net *net, struct flow_offload *flow,
|
||||||
enum flow_offload_tuple_dir dir,
|
enum flow_offload_tuple_dir dir,
|
||||||
struct nf_flow_rule *flow_rule)
|
struct nf_flow_rule *flow_rule)
|
||||||
{
|
{
|
||||||
|
@ -735,7 +735,7 @@ nf_flow_offload_rule_alloc(struct net *net,
|
||||||
{
|
{
|
||||||
const struct nf_flowtable *flowtable = offload->flowtable;
|
const struct nf_flowtable *flowtable = offload->flowtable;
|
||||||
const struct flow_offload_tuple *tuple, *other_tuple;
|
const struct flow_offload_tuple *tuple, *other_tuple;
|
||||||
const struct flow_offload *flow = offload->flow;
|
struct flow_offload *flow = offload->flow;
|
||||||
struct dst_entry *other_dst = NULL;
|
struct dst_entry *other_dst = NULL;
|
||||||
struct nf_flow_rule *flow_rule;
|
struct nf_flow_rule *flow_rule;
|
||||||
int err = -ENOMEM;
|
int err = -ENOMEM;
|
||||||
|
|
|
@ -170,11 +170,11 @@ tcf_ct_flow_table_add_action_nat_udp(const struct nf_conntrack_tuple *tuple,
|
||||||
|
|
||||||
static void tcf_ct_flow_table_add_action_meta(struct nf_conn *ct,
|
static void tcf_ct_flow_table_add_action_meta(struct nf_conn *ct,
|
||||||
enum ip_conntrack_dir dir,
|
enum ip_conntrack_dir dir,
|
||||||
|
enum ip_conntrack_info ctinfo,
|
||||||
struct flow_action *action)
|
struct flow_action *action)
|
||||||
{
|
{
|
||||||
struct nf_conn_labels *ct_labels;
|
struct nf_conn_labels *ct_labels;
|
||||||
struct flow_action_entry *entry;
|
struct flow_action_entry *entry;
|
||||||
enum ip_conntrack_info ctinfo;
|
|
||||||
u32 *act_ct_labels;
|
u32 *act_ct_labels;
|
||||||
|
|
||||||
entry = tcf_ct_flow_table_flow_action_get_next(action);
|
entry = tcf_ct_flow_table_flow_action_get_next(action);
|
||||||
|
@ -182,8 +182,6 @@ static void tcf_ct_flow_table_add_action_meta(struct nf_conn *ct,
|
||||||
#if IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)
|
#if IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)
|
||||||
entry->ct_metadata.mark = READ_ONCE(ct->mark);
|
entry->ct_metadata.mark = READ_ONCE(ct->mark);
|
||||||
#endif
|
#endif
|
||||||
ctinfo = dir == IP_CT_DIR_ORIGINAL ? IP_CT_ESTABLISHED :
|
|
||||||
IP_CT_ESTABLISHED_REPLY;
|
|
||||||
/* aligns with the CT reference on the SKB nf_ct_set */
|
/* aligns with the CT reference on the SKB nf_ct_set */
|
||||||
entry->ct_metadata.cookie = (unsigned long)ct | ctinfo;
|
entry->ct_metadata.cookie = (unsigned long)ct | ctinfo;
|
||||||
entry->ct_metadata.orig_dir = dir == IP_CT_DIR_ORIGINAL;
|
entry->ct_metadata.orig_dir = dir == IP_CT_DIR_ORIGINAL;
|
||||||
|
@ -237,22 +235,26 @@ static int tcf_ct_flow_table_add_action_nat(struct net *net,
|
||||||
}
|
}
|
||||||
|
|
||||||
static int tcf_ct_flow_table_fill_actions(struct net *net,
|
static int tcf_ct_flow_table_fill_actions(struct net *net,
|
||||||
const struct flow_offload *flow,
|
struct flow_offload *flow,
|
||||||
enum flow_offload_tuple_dir tdir,
|
enum flow_offload_tuple_dir tdir,
|
||||||
struct nf_flow_rule *flow_rule)
|
struct nf_flow_rule *flow_rule)
|
||||||
{
|
{
|
||||||
struct flow_action *action = &flow_rule->rule->action;
|
struct flow_action *action = &flow_rule->rule->action;
|
||||||
int num_entries = action->num_entries;
|
int num_entries = action->num_entries;
|
||||||
struct nf_conn *ct = flow->ct;
|
struct nf_conn *ct = flow->ct;
|
||||||
|
enum ip_conntrack_info ctinfo;
|
||||||
enum ip_conntrack_dir dir;
|
enum ip_conntrack_dir dir;
|
||||||
int i, err;
|
int i, err;
|
||||||
|
|
||||||
switch (tdir) {
|
switch (tdir) {
|
||||||
case FLOW_OFFLOAD_DIR_ORIGINAL:
|
case FLOW_OFFLOAD_DIR_ORIGINAL:
|
||||||
dir = IP_CT_DIR_ORIGINAL;
|
dir = IP_CT_DIR_ORIGINAL;
|
||||||
|
ctinfo = IP_CT_ESTABLISHED;
|
||||||
|
set_bit(NF_FLOW_HW_ESTABLISHED, &flow->flags);
|
||||||
break;
|
break;
|
||||||
case FLOW_OFFLOAD_DIR_REPLY:
|
case FLOW_OFFLOAD_DIR_REPLY:
|
||||||
dir = IP_CT_DIR_REPLY;
|
dir = IP_CT_DIR_REPLY;
|
||||||
|
ctinfo = IP_CT_ESTABLISHED_REPLY;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
return -EOPNOTSUPP;
|
return -EOPNOTSUPP;
|
||||||
|
@ -262,7 +264,7 @@ static int tcf_ct_flow_table_fill_actions(struct net *net,
|
||||||
if (err)
|
if (err)
|
||||||
goto err_nat;
|
goto err_nat;
|
||||||
|
|
||||||
tcf_ct_flow_table_add_action_meta(ct, dir, action);
|
tcf_ct_flow_table_add_action_meta(ct, dir, ctinfo, action);
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
err_nat:
|
err_nat:
|
||||||
|
|
Loading…
Reference in a new issue