net/mlx5: Support GRE conntrack offload

author Toshiaki Makita <toshiaki.makita1@gmail.com>

Fri, 25 Feb 2022 01:53:09 +0000 (10:53 +0900)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Thu, 3 Mar 2022 14:20:51 +0000 (15:20 +0100)
author Toshiaki Makita <toshiaki.makita1@gmail.com>
Fri, 25 Feb 2022 01:53:09 +0000 (10:53 +0900)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Thu, 3 Mar 2022 14:20:51 +0000 (15:20 +0100)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c

index 875e77af0ae601b2a198ba56a6a423fb93985465..675bd6ede8453f95c89b3572533090d103c5f747 100644 (file)
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c
@@ -258,7 +258,8 @@ mlx5_tc_ct_rule_to_tuple(struct mlx5_ct_tuple *tuple, struct flow_rule *rule)
                         return -EOPNOTSUPP;
                 }
         } else {
-               return -EOPNOTSUPP;
+               if (tuple->ip_proto != IPPROTO_GRE)
+                       return -EOPNOTSUPP;
         }
  
         return 0;
@@ -807,7 +808,11 @@ mlx5_tc_ct_entry_add_rule(struct mlx5_tc_ct_priv *ct_priv,
         attr->dest_chain = 0;
         attr->dest_ft = mlx5e_tc_post_act_get_ft(ct_priv->post_act);
         attr->ft = nat ? ct_priv->ct_nat : ct_priv->ct;
-       attr->outer_match_level = MLX5_MATCH_L4;
+       if (entry->tuple.ip_proto == IPPROTO_TCP ||
+           entry->tuple.ip_proto == IPPROTO_UDP)
+               attr->outer_match_level = MLX5_MATCH_L4;
+       else
+               attr->outer_match_level = MLX5_MATCH_L3;
         attr->counter = entry->counter->counter;
         attr->flags |= MLX5_ATTR_FLAG_NO_IN_PORT;
         if (ct_priv->ns_type == MLX5_FLOW_NAMESPACE_FDB)
@@ -1224,16 +1229,20 @@ mlx5_tc_ct_skb_to_tuple(struct sk_buff *skb, struct mlx5_ct_tuple *tuple,
         struct flow_keys flow_keys;
  
         skb_reset_network_header(skb);
-       skb_flow_dissect_flow_keys(skb, &flow_keys, 0);
+       skb_flow_dissect_flow_keys(skb, &flow_keys, FLOW_DISSECTOR_F_STOP_BEFORE_ENCAP);
  
         tuple->zone = zone;
  
         if (flow_keys.basic.ip_proto != IPPROTO_TCP &&
-           flow_keys.basic.ip_proto != IPPROTO_UDP)
+           flow_keys.basic.ip_proto != IPPROTO_UDP &&
+           flow_keys.basic.ip_proto != IPPROTO_GRE)
                 return false;
  
-       tuple->port.src = flow_keys.ports.src;
-       tuple->port.dst = flow_keys.ports.dst;
+       if (flow_keys.basic.ip_proto == IPPROTO_TCP ||
+           flow_keys.basic.ip_proto == IPPROTO_UDP) {
+               tuple->port.src = flow_keys.ports.src;
+               tuple->port.dst = flow_keys.ports.dst;
+       }
         tuple->n_proto = flow_keys.basic.n_proto;
         tuple->ip_proto = flow_keys.basic.ip_proto;
author	Toshiaki Makita <toshiaki.makita1@gmail.com>
	Fri, 25 Feb 2022 01:53:09 +0000 (10:53 +0900)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 3 Mar 2022 14:20:51 +0000 (15:20 +0100)