[SRU][J:linux-bluefield][PATCH v1 0/7] net/sched: act_ct: offload UDP NEW connections

[Tony Duan]

BugLink: https://bugs.launchpad.net/bugs/2019264

SRU Justification:

[Impact]

* This patch adds support for to offload single sided UDP connections by offloading only one side, and offloading the second side when/if it comes.

[Fix]

* cherry-pick df25455e5a489764508942b77b77de8f550e92cd df25455 netfilter: nf_conntrack: allow early drop of offloaded UDP conns
  backport 6a9bad0069cf306f3df6ac53cf02438d4e15f296 6a9bad0 net/sched: act_ct: offload UDP NEW connections
  cherry-pick d5774cb6c55c8721c2daf57cc5e5345e3af286ea d5774cb net/sched: act_ct: set ctinfo in meta action depending on ct state
  cherry-pick 1a441a9b8be8849957a01413a144f84932c324cb 1a441a9 netfilter: flowtable: cache info of last offload
  cherry-pick 8f84780b84d645d6e35467f4a6f3236b20d7f4b2 8f84780 netfilter: flowtable: allow unidirectional rules
  cherry-pick 0eb5acb16418898c3d813e2c2d59a7ea7763a824 0eb5acb netfilter: flowtable: fixup UDP timeout depending on ct state
  cherry-pick 29744a10c59ede4f996c0c893127ac11bcc85c0c 29744a1 net: flow_offload: provision conntrack info in ct_metadata

[Test Plan]

* Create OVS bridge with 2 devices mlx5 rep devices.
Enable HW offload and configure regular connection tracking OpenFlow rules:

e.g:
    ovs-ofctl del-flows br-ovs
    ovs-ofctl add-flow br-ovs arp,actions=normal
    ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)"
    ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal"
    ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal"

Run a UDP single sided connection, e.g iperf without a server:
on mlx5 VF2 iperf -t 1 -c <ip>-u -b 10pps

Optional: In different terminal, while traffic is running, check for offload:
tcpdump -nnepi <RELEVANT_MLX5_REP> udp
and see no iperf udp packets.

Dump conntrack with relevant ip:
cat /proc/net/nf_conntrack | grep -i <ip> | grep "\[UNREPLIED\]" | grep -q "\[OFFLOAD\]"

If tuple appears, tuple was offloaded, yet unreplied.

[Where problems could occur]

* Without this patch, it does not support UDP connections offloading

[Other Info]

* nothing

Vlad Buslov (7):
  net: flow_offload: provision conntrack info in ct_metadata
  netfilter: flowtable: fixup UDP timeout depending on ct state
  netfilter: flowtable: allow unidirectional rules
  netfilter: flowtable: cache info of last offload
  net/sched: act_ct: set ctinfo in meta action depending on ct state
  net/sched: act_ct: offload UDP NEW connections
  netfilter: nf_conntrack: allow early drop of offloaded UDP conns

 drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c |  4 ++
 .../net/ethernet/netronome/nfp/flower/conntrack.c  | 24 +++++++++
 include/net/netfilter/nf_flow_table.h              |  8 +--
 net/netfilter/nf_conntrack_core.c                  | 11 ++--
 net/netfilter/nf_flow_table_core.c                 |  5 +-
 net/netfilter/nf_flow_table_inet.c                 |  2 +-
 net/netfilter/nf_flow_table_offload.c              | 18 ++++---
 net/sched/act_ct.c                                 | 59 ++++++++++++++++------
 8 files changed, 98 insertions(+), 33 deletions(-)

-- 
1.8.3.1