[SRU][J:linux-bluefield][PATCH v1] net/sched: act_ct: Fix promotion of offloaded unreplied tuple

Tony Duan yifeid at nvidia.com
Tue Jun 20 12:40:03 UTC 2023 

BugLink: https://bugs.launchpad.net/bugs/2024432

SRU Justification:

[Impact]

* This patch will add:
  1) Not skipping conntrack_in() for UNASSURED packets, but still
	 refresh for hardware, as before the cited patch.
  2) Try and force a refresh by reply-direction packets that update
     the hardware rules from new to established state.
  3) Remove any bidirectional flows that didn't failed to update in
     hardware for re-insertion as bidrectional once any new packet
     arrives.

[Fix]

* cherry-pick 41f2c7c342d3adb1c4dd5f2e3dd831adff16a669 41f2c7c net/sched: act_ct: Fix promotion of offloaded unreplied tuple

[Test Plan]

* Create OVS bridge with 2 devices mlx5 rep devices.
Enable HW offload and configure regular connection tracking OpenFlow rules:

e.g:
    ovs-ofctl del-flows br-ovs
    ovs-ofctl add-flow br-ovs arp,actions=normal
    ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)"
    ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal"
    ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal"

Run a UDP single sided connection, e.g iperf without a server:
on mlx5 VF2 iperf -t 1 -c <ip>-u -b 10pps

Optional: In different terminal, while traffic is running, check for offload:
tcpdump -nnepi <RELEVANT_MLX5_REP> udp
and see no iperf udp packets.

Dump conntrack with relevant ip:
cat /proc/net/nf_conntrack | grep -i <ip> | grep "\[UNREPLIED\]" | grep -q "\[OFFLOAD\]"

If tuple appears, tuple was offloaded, yet unreplied.

[Where problems could occur]

* Without this patch, the connections will remain UNREPLIED and UNASSURED
  even if reply traffic is then seen. 

[Other Info]

* This patch is a fix of bug 2019264

Paul Blakey (1):
  net/sched: act_ct: Fix promotion of offloaded unreplied tuple

 include/net/netfilter/nf_flow_table.h |  2 +-
 net/netfilter/nf_flow_table_core.c    | 13 ++++++++++---
 net/netfilter/nf_flow_table_ip.c      |  4 ++--
 net/sched/act_ct.c                    |  9 ++++++++-
 4 files changed, 21 insertions(+), 7 deletions(-)

-- 
1.8.3.1

More information about the kernel-team mailing list