NAK: Cmnt: [SRU][J:linux-bluefield][PATCH v2 00/10] net/sched: act_ct: offload UDP NEW connections

Tim Gardner tim.gardner at canonical.com
Thu Jun 1 12:29:08 UTC 2023 

On 5/31/23 7:59 PM, Tony Duan wrote:
> On 5/31/2023 11:33 PM, Bartlomiej Zolnierkiewicz wrote:
>> External email: Use caution opening links or attachments
>>
>>
>> On Wed, May 17, 2023 at 1:01 AM Tony Duan <yifeid at nvidia.com> wrote:
>>> BugLink: https://bugs.launchpad.net/bugs/2019264
>>>
>>> SRU Justification:
>>>
>>> [Impact]
>>>
>>> * This patch adds support for to offload single sided UDP connections 
>>> by offloading only one side, and offloading the second side when/if 
>>> it comes.
>>>
>>> [Fix]
>>>
>>> * cherry-pick df25455e5a489764508942b77b77de8f550e92cd df25455 
>>> netfilter: nf_conntrack: allow early drop of offloaded UDP conns
>>>    cherry-pick 6a9bad0069cf306f3df6ac53cf02438d4e15f296 6a9bad0 
>>> net/sched: act_ct: offload UDP NEW connections
>>>    cherry-pick 1918ace1382d43430c8a61294fa4385065a46804 1918ace 
>>> net/mlx5: Support GRE conntrack offload
>>>    cherry-pick fcb6aa86532c1f321440f56f739a26ef856e6475 fcb6aa8 
>>> act_ct: Support GRE offload
>> The above commit introduces a regression which is fixed in the
>> upstream by commit 86360030cc5117596626bef1d937277cd2bebe05
>> ("net/sched: act_api: fix error code in
>> tcf_ct_flow_table_fill_tuple_ipv6()"). Is there a valid reason for not
>> including cherry-pick of it in this submission?
>>
>> -- 
>> Best regards,
>> Bartlomiej
> 
> Thanks for the comments. This patch should be included as well. I'll 
> send another version for review.
> 
> Thank you,
> 
> Tony
> 
>>>    cherry-pick 4e8d9584d154479d357327f76d4e49486915c9c9 4e8d958 
>>> netfilter: flowtable: Support GRE
>>>    cherry-pick d5774cb6c55c8721c2daf57cc5e5345e3af286ea d5774cb 
>>> net/sched: act_ct: set ctinfo in meta action depending on ct state
>>>    cherry-pick 1a441a9b8be8849957a01413a144f84932c324cb 1a441a9 
>>> netfilter: flowtable: cache info of last offload
>>>    cherry-pick 8f84780b84d645d6e35467f4a6f3236b20d7f4b2 8f84780 
>>> netfilter: flowtable: allow unidirectional rules
>>>    cherry-pick 0eb5acb16418898c3d813e2c2d59a7ea7763a824 0eb5acb 
>>> netfilter: flowtable: fixup UDP timeout depending on ct state
>>>    cherry-pick 29744a10c59ede4f996c0c893127ac11bcc85c0c 29744a1 net: 
>>> flow_offload: provision conntrack info in ct_metadata
>>>
>>> [Test Plan]
>>>
>>> * Create OVS bridge with 2 devices mlx5 rep devices.
>>> Enable HW offload and configure regular connection tracking OpenFlow 
>>> rules:
>>>
>>> e.g:
>>>      ovs-ofctl del-flows br-ovs
>>>      ovs-ofctl add-flow br-ovs arp,actions=normal
>>>      ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk 
>>> actions=ct(table=1)"
>>>      ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new 
>>> actions=ct(commit),normal"
>>>      ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, 
>>> actions=normal"
>>>
>>> Run a UDP single sided connection, e.g iperf without a server:
>>> on mlx5 VF2 iperf -t 1 -c <ip>-u -b 10pps
>>>
>>> Optional: In different terminal, while traffic is running, check for 
>>> offload:
>>> tcpdump -nnepi <RELEVANT_MLX5_REP> udp
>>> and see no iperf udp packets.
>>>
>>> Dump conntrack with relevant ip:
>>> cat /proc/net/nf_conntrack | grep -i <ip> | grep "\[UNREPLIED\]" | 
>>> grep -q "\[OFFLOAD\]"
>>>
>>> If tuple appears, tuple was offloaded, yet unreplied.
>>>
>>> [Where problems could occur]
>>>
>>> * Without this patch, it does not support UDP connections offloading
>>>
>>> [Other Info]
>>>
>>> * nothing
>>>
>>> v1->v2:
>>>    cherry pick 3 GRE offload patches to avoid confliction when cherry 
>>> pick 6a9bad0.
>>>
>>> Toshiaki Makita (3):
>>>    netfilter: flowtable: Support GRE
>>>    act_ct: Support GRE offload
>>>    net/mlx5: Support GRE conntrack offload
>>>
>>> Vlad Buslov (7):
>>>    net: flow_offload: provision conntrack info in ct_metadata
>>>    netfilter: flowtable: fixup UDP timeout depending on ct state
>>>    netfilter: flowtable: allow unidirectional rules
>>>    netfilter: flowtable: cache info of last offload
>>>    net/sched: act_ct: set ctinfo in meta action depending on ct state
>>>    net/sched: act_ct: offload UDP NEW connections
>>>    netfilter: nf_conntrack: allow early drop of offloaded UDP conns
>>>
>>>   drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c |  25 ++-
>>>   .../net/ethernet/netronome/nfp/flower/conntrack.c  |  24 +++
>>>   include/net/netfilter/nf_flow_table.h              |   8 +-
>>>   net/netfilter/nf_conntrack_core.c                  |  11 +-
>>>   net/netfilter/nf_flow_table_core.c                 |  15 +-
>>>   net/netfilter/nf_flow_table_inet.c                 |   2 +-
>>>   net/netfilter/nf_flow_table_ip.c                   |  62 +++++--
>>>   net/netfilter/nf_flow_table_offload.c              |  40 +++--
>>>   net/netfilter/nft_flow_offload.c                   |  13 ++
>>>   net/sched/act_ct.c                                 | 178 
>>> ++++++++++++++++-----
>>>   10 files changed, 296 insertions(+), 82 deletions(-)
> 
> 
> 

Cap off this thread
-- 
-----------
Tim Gardner
Canonical, Inc

More information about the kernel-team mailing list