ACK: [SRU][J:linux-bluefield][PATCH v1] net/sched: act_ct: Fix promotion of offloaded unreplied tuple

Tim Gardner tim.gardner at canonical.com
Tue Jun 20 12:44:22 UTC 2023 

On 6/20/23 6:40 AM, Tony Duan wrote:
> BugLink: https://bugs.launchpad.net/bugs/2024432
> 
> SRU Justification:
> 
> [Impact]
> 
> * This patch will add:
>    1) Not skipping conntrack_in() for UNASSURED packets, but still
> 	 refresh for hardware, as before the cited patch.
>    2) Try and force a refresh by reply-direction packets that update
>       the hardware rules from new to established state.
>    3) Remove any bidirectional flows that didn't failed to update in
>       hardware for re-insertion as bidrectional once any new packet
>       arrives.
> 
> [Fix]
> 
> * cherry-pick 41f2c7c342d3adb1c4dd5f2e3dd831adff16a669 41f2c7c net/sched: act_ct: Fix promotion of offloaded unreplied tuple
> 
> [Test Plan]
> 
> * Create OVS bridge with 2 devices mlx5 rep devices.
> Enable HW offload and configure regular connection tracking OpenFlow rules:
> 
> e.g:
>      ovs-ofctl del-flows br-ovs
>      ovs-ofctl add-flow br-ovs arp,actions=normal
>      ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)"
>      ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal"
>      ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal"
> 
> Run a UDP single sided connection, e.g iperf without a server:
> on mlx5 VF2 iperf -t 1 -c <ip>-u -b 10pps
> 
> Optional: In different terminal, while traffic is running, check for offload:
> tcpdump -nnepi <RELEVANT_MLX5_REP> udp
> and see no iperf udp packets.
> 
> Dump conntrack with relevant ip:
> cat /proc/net/nf_conntrack | grep -i <ip> | grep "\[UNREPLIED\]" | grep -q "\[OFFLOAD\]"
> 
> If tuple appears, tuple was offloaded, yet unreplied.
> 
> [Where problems could occur]
> 
> * Without this patch, the connections will remain UNREPLIED and UNASSURED
>    even if reply traffic is then seen.
> 
> [Other Info]
> 
> * This patch is a fix of bug 2019264
> 
> Paul Blakey (1):
>    net/sched: act_ct: Fix promotion of offloaded unreplied tuple
> 
>   include/net/netfilter/nf_flow_table.h |  2 +-
>   net/netfilter/nf_flow_table_core.c    | 13 ++++++++++---
>   net/netfilter/nf_flow_table_ip.c      |  4 ++--
>   net/sched/act_ct.c                    |  9 ++++++++-
>   4 files changed, 21 insertions(+), 7 deletions(-)
> 
Acked-by: Tim Gardner <tim.gardner at canonical.com>
-- 
-----------
Tim Gardner
Canonical, Inc

More information about the kernel-team mailing list