APPLIED: [SRU][J:linux-bluefield][PATCH v1] net/sched: act_ct: Fix promotion of offloaded unreplied tuple

Bartlomiej Zolnierkiewicz bartlomiej.zolnierkiewicz at canonical.com
Fri Jun 23 12:02:51 UTC 2023 

Applied to jammy:linux-bluefield/master-next. Thanks.

--
Best regards,
Bartlomiej

On Tue, Jun 20, 2023 at 2:40 PM Tony Duan <yifeid at nvidia.com> wrote:
>
> BugLink: https://bugs.launchpad.net/bugs/2024432
>
> SRU Justification:
>
> [Impact]
>
> * This patch will add:
>   1) Not skipping conntrack_in() for UNASSURED packets, but still
>          refresh for hardware, as before the cited patch.
>   2) Try and force a refresh by reply-direction packets that update
>      the hardware rules from new to established state.
>   3) Remove any bidirectional flows that didn't failed to update in
>      hardware for re-insertion as bidrectional once any new packet
>      arrives.
>
> [Fix]
>
> * cherry-pick 41f2c7c342d3adb1c4dd5f2e3dd831adff16a669 41f2c7c net/sched: act_ct: Fix promotion of offloaded unreplied tuple
>
> [Test Plan]
>
> * Create OVS bridge with 2 devices mlx5 rep devices.
> Enable HW offload and configure regular connection tracking OpenFlow rules:
>
> e.g:
>     ovs-ofctl del-flows br-ovs
>     ovs-ofctl add-flow br-ovs arp,actions=normal
>     ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)"
>     ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal"
>     ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal"
>
> Run a UDP single sided connection, e.g iperf without a server:
> on mlx5 VF2 iperf -t 1 -c <ip>-u -b 10pps
>
> Optional: In different terminal, while traffic is running, check for offload:
> tcpdump -nnepi <RELEVANT_MLX5_REP> udp
> and see no iperf udp packets.
>
> Dump conntrack with relevant ip:
> cat /proc/net/nf_conntrack | grep -i <ip> | grep "\[UNREPLIED\]" | grep -q "\[OFFLOAD\]"
>
> If tuple appears, tuple was offloaded, yet unreplied.
>
> [Where problems could occur]
>
> * Without this patch, the connections will remain UNREPLIED and UNASSURED
>   even if reply traffic is then seen.
>
> [Other Info]
>
> * This patch is a fix of bug 2019264
>
> Paul Blakey (1):
>   net/sched: act_ct: Fix promotion of offloaded unreplied tuple
>
>  include/net/netfilter/nf_flow_table.h |  2 +-
>  net/netfilter/nf_flow_table_core.c    | 13 ++++++++++---
>  net/netfilter/nf_flow_table_ip.c      |  4 ++--
>  net/sched/act_ct.c                    |  9 ++++++++-
>  4 files changed, 21 insertions(+), 7 deletions(-)

More information about the kernel-team mailing list