Commit 1918ace1 authored by Toshiaki Makita's avatar Toshiaki Makita Committed by Pablo Neira Ayuso

net/mlx5: Support GRE conntrack offload

Support GREv0 without NAT.
Signed-off-by: default avatarToshiaki Makita <toshiaki.makita1@gmail.com>
Acked-by: default avatarPaul Blakey <paulb@nvidia.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent fcb6aa86
......@@ -258,6 +258,7 @@ mlx5_tc_ct_rule_to_tuple(struct mlx5_ct_tuple *tuple, struct flow_rule *rule)
return -EOPNOTSUPP;
}
} else {
if (tuple->ip_proto != IPPROTO_GRE)
return -EOPNOTSUPP;
}
......@@ -807,7 +808,11 @@ mlx5_tc_ct_entry_add_rule(struct mlx5_tc_ct_priv *ct_priv,
attr->dest_chain = 0;
attr->dest_ft = mlx5e_tc_post_act_get_ft(ct_priv->post_act);
attr->ft = nat ? ct_priv->ct_nat : ct_priv->ct;
if (entry->tuple.ip_proto == IPPROTO_TCP ||
entry->tuple.ip_proto == IPPROTO_UDP)
attr->outer_match_level = MLX5_MATCH_L4;
else
attr->outer_match_level = MLX5_MATCH_L3;
attr->counter = entry->counter->counter;
attr->flags |= MLX5_ATTR_FLAG_NO_IN_PORT;
if (ct_priv->ns_type == MLX5_FLOW_NAMESPACE_FDB)
......@@ -1224,16 +1229,20 @@ mlx5_tc_ct_skb_to_tuple(struct sk_buff *skb, struct mlx5_ct_tuple *tuple,
struct flow_keys flow_keys;
skb_reset_network_header(skb);
skb_flow_dissect_flow_keys(skb, &flow_keys, 0);
skb_flow_dissect_flow_keys(skb, &flow_keys, FLOW_DISSECTOR_F_STOP_BEFORE_ENCAP);
tuple->zone = zone;
if (flow_keys.basic.ip_proto != IPPROTO_TCP &&
flow_keys.basic.ip_proto != IPPROTO_UDP)
flow_keys.basic.ip_proto != IPPROTO_UDP &&
flow_keys.basic.ip_proto != IPPROTO_GRE)
return false;
if (flow_keys.basic.ip_proto == IPPROTO_TCP ||
flow_keys.basic.ip_proto == IPPROTO_UDP) {
tuple->port.src = flow_keys.ports.src;
tuple->port.dst = flow_keys.ports.dst;
}
tuple->n_proto = flow_keys.basic.n_proto;
tuple->ip_proto = flow_keys.basic.ip_proto;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment