Conntrack offload currently only supports TCP and UDP.
Thus TC/nftables/OVS cannot offload GRE packets.
However, GRE is widely used so some users create gre devices in VMs,
and in that case host OVS forwards GRE packets from/to VMs.
In order to offload GRE packets in OVS with stateful firewall support,
we need act_ct GRE offload support.
This patch set adds GRE offload support for act_ct and mlx5 conntrack.
Currently only GREv0 and no NAT support.
- Patch 1: flow_offload/flowtable GRE support.
- Patch 2: act_ct GRE offload support.
- Patch 3: mlx5 conntrack GRE offload support.
Tested with ConnectX-6 Dx 100G NIC and netperf TCP_STREAM.
+------------------------------------+
| +-----------+
| |(namespace)|
+---------+ | | netserver |
| | wire +----+ tc +--------+ +-------+ |
| netperf |-------->|mlx5|------>|mlx5 rep|--|mlx5 vf| |
| | +----+ +--------+ +-------+---+
+---------+ +------------------------------------+
- No offload (TC skip_hw): 8.5 Gbps
- Offload (act_ct) : 22 Gbps
v2:
- Replace if-else with switch in patch 1 and 2
Signed-off-by: Toshiaki Makita <toshiaki.makita1@xxxxxxxxx>
Toshiaki Makita (3):
netfilter: flowtable: Support GRE
act_ct: Support GRE offload
net/mlx5: Support GRE conntrack offload
drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 21 ++--
net/netfilter/nf_flow_table_core.c | 10 +-
net/netfilter/nf_flow_table_ip.c | 62 +++++++++--
net/netfilter/nf_flow_table_offload.c | 22 ++--
net/netfilter/nft_flow_offload.c | 13 +++
net/sched/act_ct.c | 115 ++++++++++++++++-----
6 files changed, 194 insertions(+), 49 deletions(-)
--
1.8.3.1
