{"id":2221009,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2221009/?format=json","web_url":"http://patchwork.ozlabs.org/project/openvswitch/patch/20260408170613.587902-8-aconole@redhat.com/","project":{"id":47,"url":"http://patchwork.ozlabs.org/api/1.1/projects/47/?format=json","name":"Open vSwitch","link_name":"openvswitch","list_id":"ovs-dev.openvswitch.org","list_email":"ovs-dev@openvswitch.org","web_url":"http://openvswitch.org/","scm_url":"git@github.com:openvswitch/ovs.git","webscm_url":"https://github.com/openvswitch/ovs"},"msgid":"<20260408170613.587902-8-aconole@redhat.com>","date":"2026-04-08T17:06:03","name":"[ovs-dev,RFC,07/12] ct-offload: Add a mark for offloaded connections.","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"8517fe47a4e6688f25b3d28848888512422eef08","submitter":{"id":67184,"url":"http://patchwork.ozlabs.org/api/1.1/people/67184/?format=json","name":"Aaron Conole","email":"aconole@redhat.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/openvswitch/patch/20260408170613.587902-8-aconole@redhat.com/mbox/","series":[{"id":499163,"url":"http://patchwork.ozlabs.org/api/1.1/series/499163/?format=json","web_url":"http://patchwork.ozlabs.org/project/openvswitch/list/?series=499163","date":"2026-04-08T17:05:56","name":"ct-offload: Introduce a conntrack offload infrastructure.","version":1,"mbox":"http://patchwork.ozlabs.org/series/499163/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2221009/comments/","check":"success","checks":"http://patchwork.ozlabs.org/api/patches/2221009/checks/","tags":{},"headers":{"Return-Path":"<ovs-dev-bounces@openvswitch.org>","X-Original-To":["incoming@patchwork.ozlabs.org","dev@openvswitch.org"],"Delivered-To":["patchwork-incoming@legolas.ozlabs.org","ovs-dev@lists.linuxfoundation.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (1024-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=W3uEZUwl;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org\n (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org;\n envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org)","smtp4.osuosl.org;\n\tdkim=fail reason=\"signature verification failed\" (1024-bit key)\n header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=W3uEZUwl","smtp3.osuosl.org; dmarc=pass (p=quarantine dis=none)\n header.from=redhat.com","smtp3.osuosl.org;\n dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com\n header.a=rsa-sha256 header.s=mimecast20190719 header.b=W3uEZUwl"],"Received":["from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4frTy2467Zz1xv0\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 09 Apr 2026 03:07:06 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby smtp4.osuosl.org (Postfix) with ESMTP id 29A4E41078;\n\tWed,  8 Apr 2026 17:07:05 +0000 (UTC)","from smtp4.osuosl.org ([127.0.0.1])\n by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id mUBNT6LvFLbF; Wed,  8 Apr 2026 17:07:02 +0000 (UTC)","from lists.linuxfoundation.org (lf-lists.osuosl.org\n [IPv6:2605:bc80:3010:104::8cd3:938])\n\tby smtp4.osuosl.org (Postfix) with ESMTPS id F1CF24107B;\n\tWed,  8 Apr 2026 17:07:00 +0000 (UTC)","from lf-lists.osuosl.org (localhost [127.0.0.1])\n\tby lists.linuxfoundation.org (Postfix) with ESMTP id CF241C0902;\n\tWed,  8 Apr 2026 17:07:00 +0000 (UTC)","from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])\n by lists.linuxfoundation.org (Postfix) with ESMTP id 070FEC054A\n for <dev@openvswitch.org>; Wed,  8 Apr 2026 17:06:59 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n by smtp3.osuosl.org (Postfix) with ESMTP id 596BA60FCE\n for <dev@openvswitch.org>; Wed,  8 Apr 2026 17:06:38 +0000 (UTC)","from smtp3.osuosl.org ([127.0.0.1])\n by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id NpcFoH3D54j0 for <dev@openvswitch.org>;\n Wed,  8 Apr 2026 17:06:37 +0000 (UTC)","from us-smtp-delivery-124.mimecast.com\n (us-smtp-delivery-124.mimecast.com [170.10.129.124])\n by smtp3.osuosl.org (Postfix) with ESMTPS id 208D060FA0\n for <dev@openvswitch.org>; Wed,  8 Apr 2026 17:06:36 +0000 (UTC)","from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com\n (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by\n relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,\n cipher=TLS_AES_256_GCM_SHA384) id us-mta-101-uKa8dl-ePs6Z5rgxk1kK-w-1; Wed,\n 08 Apr 2026 13:06:32 -0400","from mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com\n (mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.4])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS\n id ADE251955E7B; Wed,  8 Apr 2026 17:06:31 +0000 (UTC)","from RHTRH0061144.redhat.com (unknown [10.22.89.172])\n by mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP\n id 3C19A300019F; Wed,  8 Apr 2026 17:06:30 +0000 (UTC)"],"X-Virus-Scanned":["amavis at osuosl.org","amavis at osuosl.org"],"X-Comment":"SPF check N/A for local connections -\n client-ip=2605:bc80:3010:104::8cd3:938; helo=lists.linuxfoundation.org;\n envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN> ","DKIM-Filter":["OpenDKIM Filter v2.11.0 smtp4.osuosl.org F1CF24107B","OpenDKIM Filter v2.11.0 smtp3.osuosl.org 208D060FA0"],"Received-SPF":"Pass (mailfrom) identity=mailfrom; client-ip=170.10.129.124;\n helo=us-smtp-delivery-124.mimecast.com; envelope-from=aconole@redhat.com;\n receiver=<UNKNOWN>","DMARC-Filter":"OpenDMARC Filter v1.4.2 smtp3.osuosl.org 208D060FA0","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;\n s=mimecast20190719; t=1775667996;\n h=from:from:reply-to:subject:subject:date:date:message-id:message-id:\n to:to:cc:cc:mime-version:mime-version:content-type:content-type:\n content-transfer-encoding:content-transfer-encoding:\n in-reply-to:in-reply-to:references:references;\n bh=q3zQYA9MryvLBGKhdaeed6pNT/e0OC5Bxsv22zMX1r4=;\n b=W3uEZUwlCY2G4bnXA+iQeVu7d79eUa6BsFRkqp5HFI+lzifU5L4S5HDwjUwm8euF2hH9KU\n n9Jf+WbphnntJzNYLncn+Dh/kdTDFFEsJg3AtdrKyC1H3vnVFNutQmqJ52tg2NPTGE5R4i\n v7Qx62ad/wHHAyXf+Q2djo2CtPM4N9A=","X-MC-Unique":"uKa8dl-ePs6Z5rgxk1kK-w-1","X-Mimecast-MFC-AGG-ID":"uKa8dl-ePs6Z5rgxk1kK-w_1775667991","To":"dev@openvswitch.org","Date":"Wed,  8 Apr 2026 13:06:03 -0400","Message-ID":"<20260408170613.587902-8-aconole@redhat.com>","In-Reply-To":"<20260408170613.587902-1-aconole@redhat.com>","References":"<20260408170613.587902-1-aconole@redhat.com>","MIME-Version":"1.0","X-Scanned-By":"MIMEDefang 3.4.1 on 10.30.177.4","X-Mimecast-Spam-Score":"0","X-Mimecast-MFC-PROC-ID":"aIP1VUqMmvzaKosGE4nJXxMMhC3pNV1aUr3hSXlGtbM_1775667991","X-Mimecast-Originator":"redhat.com","Subject":"[ovs-dev] [RFC 07/12] ct-offload: Add a mark for offloaded\n connections.","X-BeenThere":"ovs-dev@openvswitch.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"<ovs-dev.openvswitch.org>","List-Unsubscribe":"<https://mail.openvswitch.org/mailman/options/ovs-dev>,\n <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>","List-Archive":"<http://mail.openvswitch.org/pipermail/ovs-dev/>","List-Post":"<mailto:ovs-dev@openvswitch.org>","List-Help":"<mailto:ovs-dev-request@openvswitch.org?subject=help>","List-Subscribe":"<https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,\n <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>","From":"Aaron Conole via dev <ovs-dev@openvswitch.org>","Reply-To":"Aaron Conole <aconole@redhat.com>","Cc":"Eli Britstein <elibr@nvidia.com>, Florian Westphal <fwestpha@redhat.com>,\n Flavio Leitner <fbl@redhat.com>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"ovs-dev-bounces@openvswitch.org","Sender":"\"dev\" <ovs-dev-bounces@openvswitch.org>"},"content":"This helps future work to determine whether a connection\nneeds to be cleaned up during offload sweeping, and whether\nto notify offload providers about established connections.\n\nAdditionally, update the TCP sequence check to skip verifying\nsequence numbers for offloaded connections.\n\nSigned-off-by: Aaron Conole <aconole@redhat.com>\n---\n lib/conntrack-tcp.c |  8 +++--\n lib/ct-offload.c    | 81 +++++++++++++++++++++++++++++++++++++++++++--\n lib/ct-offload.h    |  8 +++++\n 3 files changed, 92 insertions(+), 5 deletions(-)","diff":"diff --git a/lib/conntrack-tcp.c b/lib/conntrack-tcp.c\nindex 696fd5c109..1e71b40d40 100644\n--- a/lib/conntrack-tcp.c\n+++ b/lib/conntrack-tcp.c\n@@ -39,6 +39,7 @@\n \n #include <config.h>\n \n+#include \"ct-offload.h\"\n #include \"conntrack-private.h\"\n #include \"conntrack-tcp.h\"\n #include \"conntrack-tp.h\"\n@@ -133,9 +134,10 @@ tcp_get_wscale(const struct tcp_header *tcp)\n }\n \n static bool\n-tcp_bypass_seq_chk(struct conntrack *ct)\n+tcp_bypass_seq_chk(struct conntrack *ct, struct conn *conn)\n {\n-    if (!conntrack_get_tcp_seq_chk(ct)) {\n+    if (!conntrack_get_tcp_seq_chk(ct) ||\n+        ct_offload_conn_is_offloaded(conn)) {\n         COVERAGE_INC(conntrack_tcp_seq_chk_bypass);\n         return true;\n     }\n@@ -286,7 +288,7 @@ tcp_conn_update(struct conntrack *ct, struct conn *conn_,\n         /* Acking not more than one window forward */\n         && ((tcp_flags & TCP_RST) == 0 || orig_seq == src->seqlo\n             || (orig_seq == src->seqlo + 1) || (orig_seq + 1 == src->seqlo)))\n-        || tcp_bypass_seq_chk(ct)) {\n+        || tcp_bypass_seq_chk(ct, conn_)) {\n         /* Require an exact/+1 sequence match on resets when possible */\n \n         /* update max window */\ndiff --git a/lib/ct-offload.c b/lib/ct-offload.c\nindex 97c922dde1..618bd655d0 100644\n--- a/lib/ct-offload.c\n+++ b/lib/ct-offload.c\n@@ -17,6 +17,8 @@\n #include <config.h>\n #include <errno.h>\n \n+#include \"conntrack.h\"\n+#include \"conntrack-private.h\"\n #include \"ct-offload.h\"\n #include \"ovs-thread.h\"\n #include \"util.h\"\n@@ -26,6 +28,15 @@\n \n VLOG_DEFINE_THIS_MODULE(ct_offload);\n \n+/* Private data slot used to mark connections that have been successfully\n+ * offloaded.  Allocated once at module init; no destructor needed because\n+ * the stored value is a plain integer cast to pointer, not heap data. */\n+static ct_private_id_t ct_offload_private_id = CT_PRIVATE_ID_INVALID;\n+\n+#define CT_OFFLOAD_STATE_NONE  ((void *) 0)\n+#define CT_OFFLOAD_STATE_ADDED ((void *) 1)\n+#define CT_OFFLOAD_STATE_EST   ((void *) 2)\n+\n /* Node in the registered-provider list. */\n struct ct_offload_class_node {\n     const struct ct_offload_class *class;\n@@ -111,14 +122,29 @@ out:\n     ovs_mutex_unlock(&ct_offload_mutex);\n }\n \n+void\n+ct_offload_alloc_private_slot(void)\n+{\n+    static struct ovsthread_once once_enable = OVSTHREAD_ONCE_INITIALIZER;\n+\n+    if (ovsthread_once_start(&once_enable)) {\n+        /* Allocate the per-connection private slot. */\n+        ct_offload_private_id = conn_private_id_alloc(NULL);\n+        if (ct_offload_private_id == CT_PRIVATE_ID_INVALID) {\n+            VLOG_ERR(\"failed to allocate ct offload private id: \"\n+                     \"is-offloaded tracking disabled\");\n+        }\n+        ovsthread_once_done(&once_enable);\n+    }\n+}\n+\n /* ct_offload_module_init() - register built-in CT offload providers.\n  *\n  * Must be called once before any connections are created. */\n void\n ct_offload_module_init(void)\n {\n-    /* No built-in providers yet; third parties call ct_offload_register()\n-     * directly from their own module-init routines. */\n+    ct_offload_alloc_private_slot();\n }\n \n /* ct_offload_conn_add_() - notify all eligible providers of a new connection.\n@@ -157,6 +183,11 @@ ct_offload_conn_add_(const struct ct_offload_ctx *ctx, bool batched)\n         }\n     }\n \n+    if (!ret && ct_offload_private_id != CT_PRIVATE_ID_INVALID) {\n+        conn_private_set(CONST_CAST(struct conn *, ctx->conn),\n+                         ct_offload_private_id, CT_OFFLOAD_STATE_ADDED);\n+    }\n+\n     return ret;\n }\n \n@@ -195,6 +226,11 @@ ct_offload_conn_del_(const struct ct_offload_ctx *ctx, bool batched)\n             class->conn_del(ctx);\n         }\n     }\n+\n+    if (ct_offload_private_id != CT_PRIVATE_ID_INVALID) {\n+        conn_private_set(CONST_CAST(struct conn *, ctx->conn),\n+                         ct_offload_private_id, CT_OFFLOAD_STATE_NONE);\n+    }\n }\n \n void\n@@ -208,8 +244,19 @@ ct_offload_conn_del(const struct ct_offload_ctx *ctx)\n static int\n ct_offload_conn_established_(const struct ct_offload_ctx *ctx, bool batched)\n {\n+    static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(600, 600);\n     struct ct_offload_class_node *node;\n \n+    if (ct_offload_private_id == CT_PRIVATE_ID_INVALID) {\n+        VLOG_WARN_RL(&rl, \"ct_offload id not allocted: always sending est.\");\n+        return EAGAIN;\n+    }\n+\n+    if (conn_private_get(ctx->conn, ct_offload_private_id) !=\n+        CT_OFFLOAD_STATE_ADDED) {\n+        return EALREADY;\n+    }\n+\n     LIST_FOR_EACH (node, list_node, &ct_offload_classes) {\n         const struct ct_offload_class *class = node->class;\n \n@@ -225,6 +272,8 @@ ct_offload_conn_established_(const struct ct_offload_ctx *ctx, bool batched)\n         }\n     }\n \n+    conn_private_set(CONST_CAST(struct conn *, ctx->conn),\n+                     ct_offload_private_id, CT_OFFLOAD_STATE_EST);\n     return 0;\n }\n \n@@ -453,6 +502,34 @@ ct_offload_op_batch_submit(struct ct_offload_op_batch *batch)\n     ovs_mutex_unlock(&ct_offload_mutex);\n }\n \n+/* ct_offload_conn_is_offloaded() - return true if conn is currently offloaded.\n+ *\n+ * Reads the private slot set by ct_offload_conn_add() on success and cleared\n+ * by ct_offload_conn_del().  Returns false when the private slot could not be\n+ * allocated at init time. */\n+bool\n+ct_offload_conn_is_offloaded(const struct conn *conn)\n+{\n+    if (ct_offload_private_id == CT_PRIVATE_ID_INVALID) {\n+        return false;\n+    }\n+    return conn_private_get(conn, ct_offload_private_id) !=\n+        CT_OFFLOAD_STATE_NONE;\n+}\n+\n+/* ct_offload_conn_is_established() - return true if conn transitioned to\n+ * established state.  Returns false when the private slot could not be\n+ * allocated at init time. */\n+bool\n+ct_offload_conn_is_established(const struct conn *conn)\n+{\n+    if (ct_offload_private_id == CT_PRIVATE_ID_INVALID) {\n+        return false;\n+    }\n+    return conn_private_get(conn, ct_offload_private_id) ==\n+        CT_OFFLOAD_STATE_EST;\n+}\n+\n /* ct_offload_op_batch_destroy() - release memory held by the batch.\n  *\n  * The batch may be re-initialised with ct_offload_op_batch_init() after\ndiff --git a/lib/ct-offload.h b/lib/ct-offload.h\nindex 36871d12cb..fcb3170fa1 100644\n--- a/lib/ct-offload.h\n+++ b/lib/ct-offload.h\n@@ -87,6 +87,8 @@ struct ct_offload_class {\n int  ct_offload_register(const struct ct_offload_class *);\n void ct_offload_unregister(const struct ct_offload_class *);\n \n+/* Allocate private slot id. */\n+void ct_offload_alloc_private_slot(void);\n /* Module initialization (register built-in providers). */\n void ct_offload_module_init(void);\n \n@@ -98,6 +100,12 @@ void      ct_offload_conn_established(const struct ct_offload_ctx *);\n bool      ct_offload_can_offload(const struct ct_offload_ctx *);\n void      ct_offload_flush(void);\n \n+/* Returns true if 'conn' has been successfully offloaded to hardware.\n+ * Set by ct_offload_conn_add(); cleared by ct_offload_conn_del(). */\n+bool      ct_offload_conn_is_offloaded(const struct conn *);\n+/* Returns true if 'conn' has been transitioned to established state. */\n+bool      ct_offload_conn_is_established(const struct conn *);\n+\n /* Batch offload API.\n  *\n  * The default implementation dispatches each operation individually using the\n","prefixes":["ovs-dev","RFC","07/12"]}