| Message ID | 20260408170613.587902-1-aconole@redhat.com |
|---|---|
| Headers | show |
| Series | ct-offload: Introduce a conntrack offload infrastructure. | expand |
On 08 Apr 2026 at 01:05:56 PM, Aaron Conole <aconole@redhat.com> wrote: > This series reworks the userspace connection tracker in Open vSwitch in > order to introduce an infrastructure that future offload providers could > use to offload connections, similar to facilities provided in the TC offload > path. The goal is to enable userspace datapath offloads to provide > additional connection tracking offload support. > > The early patches do a slight rework of the existing connection tracker to > prepare for the offload to be added. These are just split-outs and renames > to make things clearer. > > Patches 5-10 are the meat of the offload infrastructure. They provide the > basic support - add/del/est/update primitives that give enough context into > the userspace connection tracking layers to actually inform the hardware and > keep the userspace updated. Additionally, we automatically disable tcp > sequence number checking on connections that are 'offloaded'. > > Patch 11 shows a dummy offload implementation and some unit tests. > > Patch 12 is just documentation / NEWS. > > Submitted as RFC because I'm sure I've forgotten something. > Hi Aaron, thanks for the interesting series. To me it seems this goes in the right direction, but of course Gaetan and Eli can tell more whether this fills all the existing gaps. I have a question, though. Can't e.g. enabling hw-offload while having non-offloaded entries present send a conn_del to the provider? conn_clean() conn_clean__() ct_offload_enabled() -> true ct_offload_conn_del() ct_offload_conn_del() ovs_mutex_lock(&ct_offload_mutex) ct_offload_conn_del_() ct_offload_conn_del_() class->conn_del(ctx) The guard in conn_clean() checks only whether the offload subsystem is globally active without guarding against the offload state. This might not be a big deal as the registered provider will further check and possibly ignore the request, but can't this be avoided? > Aaron Conole (12): > conntrack: Add per-conn storage for conntrack modules. > conntrack: Introduce an observer pattern infrastructure as a hook. > conntrack: Split the FTP and TFTP handling into separate files. > conntrack-tcp: Convert to using the per-conn storage area. > ct-offload: Add a new interface as an offload provider. > ct-offload: Add batching support. > ct-offload: Add a mark for offloaded connections. > conntrack: Add calls to ct-offload infrastructure. > ct-offload: Add configuration infrastructure. > conntrack: Propagate input netdev pointer to conntrack. > ct-offload-dummy: Introduce dummy ct offload. > Documentation: Announce and describe the conntrack offload feature. > > Documentation/automake.mk | 1 + > Documentation/topics/index.rst | 1 + > .../topics/userspace-conntrack-offloading.rst | 76 ++ > NEWS | 1 + > lib/automake.mk | 7 + > lib/conntrack-ftp.c | 689 +++++++++++++ > lib/conntrack-private.h | 123 +++ > lib/conntrack-tcp.c | 72 +- > lib/conntrack-tcp.h | 61 ++ > lib/conntrack-tftp.c | 47 + > lib/conntrack.c | 904 ++++-------------- > lib/conntrack.h | 44 +- > lib/ct-offload-dummy.c | 253 +++++ > lib/ct-offload-dummy.h | 64 ++ > lib/ct-offload.c | 603 ++++++++++++ > lib/ct-offload.h | 177 ++++ > lib/dpif-netdev.c | 14 +- > lib/dpif-offload.c | 13 + > lib/dpif-offload.h | 1 + > tests/dpif-netdev.at | 72 ++ > tests/library.at | 54 ++ > tests/test-conntrack.c | 460 ++++++++- > vswitchd/bridge.c | 4 + > 23 files changed, 2974 insertions(+), 767 deletions(-) > create mode 100644 Documentation/topics/userspace-conntrack-offloading.rst > create mode 100644 lib/conntrack-ftp.c > create mode 100644 lib/conntrack-tcp.h > create mode 100644 lib/conntrack-tftp.c > create mode 100644 lib/ct-offload-dummy.c > create mode 100644 lib/ct-offload-dummy.h > create mode 100644 lib/ct-offload.c > create mode 100644 lib/ct-offload.h > > -- > 2.53.0
Paolo Valerio <pvalerio@redhat.com> writes: > On 08 Apr 2026 at 01:05:56 PM, Aaron Conole <aconole@redhat.com> wrote: > >> This series reworks the userspace connection tracker in Open vSwitch in >> order to introduce an infrastructure that future offload providers could >> use to offload connections, similar to facilities provided in the TC offload >> path. The goal is to enable userspace datapath offloads to provide >> additional connection tracking offload support. >> >> The early patches do a slight rework of the existing connection tracker to >> prepare for the offload to be added. These are just split-outs and renames >> to make things clearer. >> >> Patches 5-10 are the meat of the offload infrastructure. They provide the >> basic support - add/del/est/update primitives that give enough context into >> the userspace connection tracking layers to actually inform the hardware and >> keep the userspace updated. Additionally, we automatically disable tcp >> sequence number checking on connections that are 'offloaded'. >> >> Patch 11 shows a dummy offload implementation and some unit tests. >> >> Patch 12 is just documentation / NEWS. >> >> Submitted as RFC because I'm sure I've forgotten something. >> > > Hi Aaron, thanks for the interesting series. > To me it seems this goes in the right direction, but of course Gaetan > and Eli can tell more whether this fills all the existing gaps. > > I have a question, though. > Can't e.g. enabling hw-offload while having non-offloaded entries present > send a conn_del to the provider? > > conn_clean() > conn_clean__() > ct_offload_enabled() -> true > ct_offload_conn_del() > > ct_offload_conn_del() > ovs_mutex_lock(&ct_offload_mutex) > ct_offload_conn_del_() > > ct_offload_conn_del_() > class->conn_del(ctx) > > The guard in conn_clean() checks only whether the offload subsystem is > globally active without guarding against the offload state. > This might not be a big deal as the registered provider will further > check and possibly ignore the request, but can't this be avoided? Good catch - we may actually need a check like: if (ct_offload_conn_is_offloaded(conn)) { ... } instead. I think there would also be a missing call in the other case as well (ie: hwol is disabled and the sweep runs). So I guess this is probably the better check in that case. WDYT? >> Aaron Conole (12): >> conntrack: Add per-conn storage for conntrack modules. >> conntrack: Introduce an observer pattern infrastructure as a hook. >> conntrack: Split the FTP and TFTP handling into separate files. >> conntrack-tcp: Convert to using the per-conn storage area. >> ct-offload: Add a new interface as an offload provider. >> ct-offload: Add batching support. >> ct-offload: Add a mark for offloaded connections. >> conntrack: Add calls to ct-offload infrastructure. >> ct-offload: Add configuration infrastructure. >> conntrack: Propagate input netdev pointer to conntrack. >> ct-offload-dummy: Introduce dummy ct offload. >> Documentation: Announce and describe the conntrack offload feature. >> >> Documentation/automake.mk | 1 + >> Documentation/topics/index.rst | 1 + >> .../topics/userspace-conntrack-offloading.rst | 76 ++ >> NEWS | 1 + >> lib/automake.mk | 7 + >> lib/conntrack-ftp.c | 689 +++++++++++++ >> lib/conntrack-private.h | 123 +++ >> lib/conntrack-tcp.c | 72 +- >> lib/conntrack-tcp.h | 61 ++ >> lib/conntrack-tftp.c | 47 + >> lib/conntrack.c | 904 ++++-------------- >> lib/conntrack.h | 44 +- >> lib/ct-offload-dummy.c | 253 +++++ >> lib/ct-offload-dummy.h | 64 ++ >> lib/ct-offload.c | 603 ++++++++++++ >> lib/ct-offload.h | 177 ++++ >> lib/dpif-netdev.c | 14 +- >> lib/dpif-offload.c | 13 + >> lib/dpif-offload.h | 1 + >> tests/dpif-netdev.at | 72 ++ >> tests/library.at | 54 ++ >> tests/test-conntrack.c | 460 ++++++++- >> vswitchd/bridge.c | 4 + >> 23 files changed, 2974 insertions(+), 767 deletions(-) >> create mode 100644 Documentation/topics/userspace-conntrack-offloading.rst >> create mode 100644 lib/conntrack-ftp.c >> create mode 100644 lib/conntrack-tcp.h >> create mode 100644 lib/conntrack-tftp.c >> create mode 100644 lib/ct-offload-dummy.c >> create mode 100644 lib/ct-offload-dummy.h >> create mode 100644 lib/ct-offload.c >> create mode 100644 lib/ct-offload.h >> >> -- >> 2.53.0
On 04 May 2026 at 11:09:59 AM, Aaron Conole <aconole@redhat.com> wrote: > Paolo Valerio <pvalerio@redhat.com> writes: > >> On 08 Apr 2026 at 01:05:56 PM, Aaron Conole <aconole@redhat.com> wrote: >> >>> This series reworks the userspace connection tracker in Open vSwitch in >>> order to introduce an infrastructure that future offload providers could >>> use to offload connections, similar to facilities provided in the TC offload >>> path. The goal is to enable userspace datapath offloads to provide >>> additional connection tracking offload support. >>> >>> The early patches do a slight rework of the existing connection tracker to >>> prepare for the offload to be added. These are just split-outs and renames >>> to make things clearer. >>> >>> Patches 5-10 are the meat of the offload infrastructure. They provide the >>> basic support - add/del/est/update primitives that give enough context into >>> the userspace connection tracking layers to actually inform the hardware and >>> keep the userspace updated. Additionally, we automatically disable tcp >>> sequence number checking on connections that are 'offloaded'. >>> >>> Patch 11 shows a dummy offload implementation and some unit tests. >>> >>> Patch 12 is just documentation / NEWS. >>> >>> Submitted as RFC because I'm sure I've forgotten something. >>> >> >> Hi Aaron, thanks for the interesting series. >> To me it seems this goes in the right direction, but of course Gaetan >> and Eli can tell more whether this fills all the existing gaps. >> >> I have a question, though. >> Can't e.g. enabling hw-offload while having non-offloaded entries present >> send a conn_del to the provider? >> >> conn_clean() >> conn_clean__() >> ct_offload_enabled() -> true >> ct_offload_conn_del() >> >> ct_offload_conn_del() >> ovs_mutex_lock(&ct_offload_mutex) >> ct_offload_conn_del_() >> >> ct_offload_conn_del_() >> class->conn_del(ctx) >> >> The guard in conn_clean() checks only whether the offload subsystem is >> globally active without guarding against the offload state. >> This might not be a big deal as the registered provider will further >> check and possibly ignore the request, but can't this be avoided? > > Good catch - we may actually need a check like: > > if (ct_offload_conn_is_offloaded(conn)) { > ... > } > > instead. I think there would also be a missing call in the other case > as well (ie: hwol is disabled and the sweep runs). So I guess this is > probably the better check in that case. > > WDYT? > agreed, makes sense to me. >>> Aaron Conole (12): >>> conntrack: Add per-conn storage for conntrack modules. >>> conntrack: Introduce an observer pattern infrastructure as a hook. >>> conntrack: Split the FTP and TFTP handling into separate files. >>> conntrack-tcp: Convert to using the per-conn storage area. >>> ct-offload: Add a new interface as an offload provider. >>> ct-offload: Add batching support. >>> ct-offload: Add a mark for offloaded connections. >>> conntrack: Add calls to ct-offload infrastructure. >>> ct-offload: Add configuration infrastructure. >>> conntrack: Propagate input netdev pointer to conntrack. >>> ct-offload-dummy: Introduce dummy ct offload. >>> Documentation: Announce and describe the conntrack offload feature. >>> >>> Documentation/automake.mk | 1 + >>> Documentation/topics/index.rst | 1 + >>> .../topics/userspace-conntrack-offloading.rst | 76 ++ >>> NEWS | 1 + >>> lib/automake.mk | 7 + >>> lib/conntrack-ftp.c | 689 +++++++++++++ >>> lib/conntrack-private.h | 123 +++ >>> lib/conntrack-tcp.c | 72 +- >>> lib/conntrack-tcp.h | 61 ++ >>> lib/conntrack-tftp.c | 47 + >>> lib/conntrack.c | 904 ++++-------------- >>> lib/conntrack.h | 44 +- >>> lib/ct-offload-dummy.c | 253 +++++ >>> lib/ct-offload-dummy.h | 64 ++ >>> lib/ct-offload.c | 603 ++++++++++++ >>> lib/ct-offload.h | 177 ++++ >>> lib/dpif-netdev.c | 14 +- >>> lib/dpif-offload.c | 13 + >>> lib/dpif-offload.h | 1 + >>> tests/dpif-netdev.at | 72 ++ >>> tests/library.at | 54 ++ >>> tests/test-conntrack.c | 460 ++++++++- >>> vswitchd/bridge.c | 4 + >>> 23 files changed, 2974 insertions(+), 767 deletions(-) >>> create mode 100644 Documentation/topics/userspace-conntrack-offloading.rst >>> create mode 100644 lib/conntrack-ftp.c >>> create mode 100644 lib/conntrack-tcp.h >>> create mode 100644 lib/conntrack-tftp.c >>> create mode 100644 lib/ct-offload-dummy.c >>> create mode 100644 lib/ct-offload-dummy.h >>> create mode 100644 lib/ct-offload.c >>> create mode 100644 lib/ct-offload.h >>> >>> -- >>> 2.53.0