Commit 1918ace1 authored by Toshiaki Makita's avatar Toshiaki Makita Committed by Pablo Neira Ayuso

net/mlx5: Support GRE conntrack offload

Support GREv0 without NAT.
Signed-off-by: default avatarToshiaki Makita <toshiaki.makita1@gmail.com>
Acked-by: default avatarPaul Blakey <paulb@nvidia.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent fcb6aa86
...@@ -258,7 +258,8 @@ mlx5_tc_ct_rule_to_tuple(struct mlx5_ct_tuple *tuple, struct flow_rule *rule) ...@@ -258,7 +258,8 @@ mlx5_tc_ct_rule_to_tuple(struct mlx5_ct_tuple *tuple, struct flow_rule *rule)
return -EOPNOTSUPP; return -EOPNOTSUPP;
} }
} else { } else {
return -EOPNOTSUPP; if (tuple->ip_proto != IPPROTO_GRE)
return -EOPNOTSUPP;
} }
return 0; return 0;
...@@ -807,7 +808,11 @@ mlx5_tc_ct_entry_add_rule(struct mlx5_tc_ct_priv *ct_priv, ...@@ -807,7 +808,11 @@ mlx5_tc_ct_entry_add_rule(struct mlx5_tc_ct_priv *ct_priv,
attr->dest_chain = 0; attr->dest_chain = 0;
attr->dest_ft = mlx5e_tc_post_act_get_ft(ct_priv->post_act); attr->dest_ft = mlx5e_tc_post_act_get_ft(ct_priv->post_act);
attr->ft = nat ? ct_priv->ct_nat : ct_priv->ct; attr->ft = nat ? ct_priv->ct_nat : ct_priv->ct;
attr->outer_match_level = MLX5_MATCH_L4; if (entry->tuple.ip_proto == IPPROTO_TCP ||
entry->tuple.ip_proto == IPPROTO_UDP)
attr->outer_match_level = MLX5_MATCH_L4;
else
attr->outer_match_level = MLX5_MATCH_L3;
attr->counter = entry->counter->counter; attr->counter = entry->counter->counter;
attr->flags |= MLX5_ATTR_FLAG_NO_IN_PORT; attr->flags |= MLX5_ATTR_FLAG_NO_IN_PORT;
if (ct_priv->ns_type == MLX5_FLOW_NAMESPACE_FDB) if (ct_priv->ns_type == MLX5_FLOW_NAMESPACE_FDB)
...@@ -1224,16 +1229,20 @@ mlx5_tc_ct_skb_to_tuple(struct sk_buff *skb, struct mlx5_ct_tuple *tuple, ...@@ -1224,16 +1229,20 @@ mlx5_tc_ct_skb_to_tuple(struct sk_buff *skb, struct mlx5_ct_tuple *tuple,
struct flow_keys flow_keys; struct flow_keys flow_keys;
skb_reset_network_header(skb); skb_reset_network_header(skb);
skb_flow_dissect_flow_keys(skb, &flow_keys, 0); skb_flow_dissect_flow_keys(skb, &flow_keys, FLOW_DISSECTOR_F_STOP_BEFORE_ENCAP);
tuple->zone = zone; tuple->zone = zone;
if (flow_keys.basic.ip_proto != IPPROTO_TCP && if (flow_keys.basic.ip_proto != IPPROTO_TCP &&
flow_keys.basic.ip_proto != IPPROTO_UDP) flow_keys.basic.ip_proto != IPPROTO_UDP &&
flow_keys.basic.ip_proto != IPPROTO_GRE)
return false; return false;
tuple->port.src = flow_keys.ports.src; if (flow_keys.basic.ip_proto == IPPROTO_TCP ||
tuple->port.dst = flow_keys.ports.dst; flow_keys.basic.ip_proto == IPPROTO_UDP) {
tuple->port.src = flow_keys.ports.src;
tuple->port.dst = flow_keys.ports.dst;
}
tuple->n_proto = flow_keys.basic.n_proto; tuple->n_proto = flow_keys.basic.n_proto;
tuple->ip_proto = flow_keys.basic.ip_proto; tuple->ip_proto = flow_keys.basic.ip_proto;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment