[net-next,0/3] Conntrack GRE offload

Message

Toshiaki Makita Feb. 3, 2022, 11:59 a.m. UTC

Conntrack offload currently only supports TCP and UDP.
Thus TC/nftables/OVS cannot offload GRE packets.

However, GRE is widely used so some users create gre devices in VMs,
and in that case host OVS forwards GRE packets from/to VMs.

In order to offload GRE packets in OVS with stateful firewall support,
we need act_ct GRE offload support.

This patch set adds GRE offload support for act_ct and mlx5 conntrack.
Currently only GREv0 and no NAT support.

- Patch 1: flow_offload/flowtable GRE support.
- Patch 2: act_ct GRE offload support.
- Patch 3: mlx5 conntrack GRE offload support.

Tested with ConnectX-6 Dx 100G NIC and netperf TCP_STREAM.

                      +------------------------------------+
                      |                        +-----------+
                      |                        |(namespace)|
  +---------+         |                        | netserver |
  |         |  wire   +----+  tc   +--------+  +-------+   |
  | netperf |-------->|mlx5|------>|mlx5 rep|--|mlx5 vf|   |
  |         |         +----+       +--------+  +-------+---+
  +---------+         +------------------------------------+

- No offload (TC skip_hw): 8.5 Gbps
- Offload    (act_ct)    : 22 Gbps

Signed-off-by: Toshiaki Makita <toshiaki.makita1@gmail.com>

Toshiaki Makita (3):
  netfilter: flowtable: Support GRE
  act_ct: Support GRE offload
  net/mlx5: Support GRE conntrack offload

 drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c |  21 +++--
 net/netfilter/nf_flow_table_core.c                 |  10 +-
 net/netfilter/nf_flow_table_ip.c                   |  54 +++++++++--
 net/netfilter/nf_flow_table_offload.c              |  19 ++--
 net/netfilter/nft_flow_offload.c                   |  13 +++
 net/sched/act_ct.c                                 | 101 ++++++++++++++++-----
 6 files changed, 171 insertions(+), 47 deletions(-)