| Message ID | 1684277999-18029-1-git-send-email-yifeid@nvidia.com |
|---|---|
| Headers | show |
| Series | net/sched: act_ct: offload UDP NEW connections | expand |
On 23/05/16 05:59PM, Tony Duan wrote: > BugLink: https://bugs.launchpad.net/bugs/2019264 > > SRU Justification: > > [Impact] > > * This patch adds support for to offload single sided UDP connections by offloading only one side, and offloading the second side when/if it comes. > > [Fix] > > * cherry-pick df25455e5a489764508942b77b77de8f550e92cd df25455 netfilter: nf_conntrack: allow early drop of offloaded UDP conns > cherry-pick 6a9bad0069cf306f3df6ac53cf02438d4e15f296 6a9bad0 net/sched: act_ct: offload UDP NEW connections > cherry-pick 1918ace1382d43430c8a61294fa4385065a46804 1918ace net/mlx5: Support GRE conntrack offload > cherry-pick fcb6aa86532c1f321440f56f739a26ef856e6475 fcb6aa8 act_ct: Support GRE offload > cherry-pick 4e8d9584d154479d357327f76d4e49486915c9c9 4e8d958 netfilter: flowtable: Support GRE > cherry-pick d5774cb6c55c8721c2daf57cc5e5345e3af286ea d5774cb net/sched: act_ct: set ctinfo in meta action depending on ct state > cherry-pick 1a441a9b8be8849957a01413a144f84932c324cb 1a441a9 netfilter: flowtable: cache info of last offload > cherry-pick 8f84780b84d645d6e35467f4a6f3236b20d7f4b2 8f84780 netfilter: flowtable: allow unidirectional rules > cherry-pick 0eb5acb16418898c3d813e2c2d59a7ea7763a824 0eb5acb netfilter: flowtable: fixup UDP timeout depending on ct state > cherry-pick 29744a10c59ede4f996c0c893127ac11bcc85c0c 29744a1 net: flow_offload: provision conntrack info in ct_metadata > > [Test Plan] > > * Create OVS bridge with 2 devices mlx5 rep devices. > Enable HW offload and configure regular connection tracking OpenFlow rules: > > e.g: > ovs-ofctl del-flows br-ovs > ovs-ofctl add-flow br-ovs arp,actions=normal > ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" > ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" > ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal" > > Run a UDP single sided connection, e.g iperf without a server: > on mlx5 VF2 iperf -t 1 -c <ip>-u -b 10pps > > Optional: In different terminal, while traffic is running, check for offload: > tcpdump -nnepi <RELEVANT_MLX5_REP> udp > and see no iperf udp packets. > > Dump conntrack with relevant ip: > cat /proc/net/nf_conntrack | grep -i <ip> | grep "\[UNREPLIED\]" | grep -q "\[OFFLOAD\]" > > If tuple appears, tuple was offloaded, yet unreplied. > > [Where problems could occur] > > * Without this patch, it does not support UDP connections offloading > > [Other Info] > > * nothing > > v1->v2: > cherry pick 3 GRE offload patches to avoid confliction when cherry pick 6a9bad0. > > Toshiaki Makita (3): > netfilter: flowtable: Support GRE > act_ct: Support GRE offload > net/mlx5: Support GRE conntrack offload > > Vlad Buslov (7): > net: flow_offload: provision conntrack info in ct_metadata > netfilter: flowtable: fixup UDP timeout depending on ct state > netfilter: flowtable: allow unidirectional rules > netfilter: flowtable: cache info of last offload > net/sched: act_ct: set ctinfo in meta action depending on ct state > net/sched: act_ct: offload UDP NEW connections > netfilter: nf_conntrack: allow early drop of offloaded UDP conns > > drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 25 ++- > .../net/ethernet/netronome/nfp/flower/conntrack.c | 24 +++ > include/net/netfilter/nf_flow_table.h | 8 +- > net/netfilter/nf_conntrack_core.c | 11 +- > net/netfilter/nf_flow_table_core.c | 15 +- > net/netfilter/nf_flow_table_inet.c | 2 +- > net/netfilter/nf_flow_table_ip.c | 62 +++++-- > net/netfilter/nf_flow_table_offload.c | 40 +++-- > net/netfilter/nft_flow_offload.c | 13 ++ > net/sched/act_ct.c | 178 ++++++++++++++++----- > 10 files changed, 296 insertions(+), 82 deletions(-) > > -- > 1.8.3.1 Acked-by: Andrei Gherzan <andrei.gherzan@canonical.com>
On 5/16/23 4:59 PM, Tony Duan wrote: > BugLink: https://bugs.launchpad.net/bugs/2019264 > > SRU Justification: > > [Impact] > > * This patch adds support for to offload single sided UDP connections by offloading only one side, and offloading the second side when/if it comes. > > [Fix] > > * cherry-pick df25455e5a489764508942b77b77de8f550e92cd df25455 netfilter: nf_conntrack: allow early drop of offloaded UDP conns > cherry-pick 6a9bad0069cf306f3df6ac53cf02438d4e15f296 6a9bad0 net/sched: act_ct: offload UDP NEW connections > cherry-pick 1918ace1382d43430c8a61294fa4385065a46804 1918ace net/mlx5: Support GRE conntrack offload > cherry-pick fcb6aa86532c1f321440f56f739a26ef856e6475 fcb6aa8 act_ct: Support GRE offload > cherry-pick 4e8d9584d154479d357327f76d4e49486915c9c9 4e8d958 netfilter: flowtable: Support GRE > cherry-pick d5774cb6c55c8721c2daf57cc5e5345e3af286ea d5774cb net/sched: act_ct: set ctinfo in meta action depending on ct state > cherry-pick 1a441a9b8be8849957a01413a144f84932c324cb 1a441a9 netfilter: flowtable: cache info of last offload > cherry-pick 8f84780b84d645d6e35467f4a6f3236b20d7f4b2 8f84780 netfilter: flowtable: allow unidirectional rules > cherry-pick 0eb5acb16418898c3d813e2c2d59a7ea7763a824 0eb5acb netfilter: flowtable: fixup UDP timeout depending on ct state > cherry-pick 29744a10c59ede4f996c0c893127ac11bcc85c0c 29744a1 net: flow_offload: provision conntrack info in ct_metadata > > [Test Plan] > > * Create OVS bridge with 2 devices mlx5 rep devices. > Enable HW offload and configure regular connection tracking OpenFlow rules: > > e.g: > ovs-ofctl del-flows br-ovs > ovs-ofctl add-flow br-ovs arp,actions=normal > ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" > ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" > ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal" > > Run a UDP single sided connection, e.g iperf without a server: > on mlx5 VF2 iperf -t 1 -c <ip>-u -b 10pps > > Optional: In different terminal, while traffic is running, check for offload: > tcpdump -nnepi <RELEVANT_MLX5_REP> udp > and see no iperf udp packets. > > Dump conntrack with relevant ip: > cat /proc/net/nf_conntrack | grep -i <ip> | grep "\[UNREPLIED\]" | grep -q "\[OFFLOAD\]" > > If tuple appears, tuple was offloaded, yet unreplied. > > [Where problems could occur] > > * Without this patch, it does not support UDP connections offloading > > [Other Info] > > * nothing > > v1->v2: > cherry pick 3 GRE offload patches to avoid confliction when cherry pick 6a9bad0. > > Toshiaki Makita (3): > netfilter: flowtable: Support GRE > act_ct: Support GRE offload > net/mlx5: Support GRE conntrack offload > > Vlad Buslov (7): > net: flow_offload: provision conntrack info in ct_metadata > netfilter: flowtable: fixup UDP timeout depending on ct state > netfilter: flowtable: allow unidirectional rules > netfilter: flowtable: cache info of last offload > net/sched: act_ct: set ctinfo in meta action depending on ct state > net/sched: act_ct: offload UDP NEW connections > netfilter: nf_conntrack: allow early drop of offloaded UDP conns > > drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 25 ++- > .../net/ethernet/netronome/nfp/flower/conntrack.c | 24 +++ > include/net/netfilter/nf_flow_table.h | 8 +- > net/netfilter/nf_conntrack_core.c | 11 +- > net/netfilter/nf_flow_table_core.c | 15 +- > net/netfilter/nf_flow_table_inet.c | 2 +- > net/netfilter/nf_flow_table_ip.c | 62 +++++-- > net/netfilter/nf_flow_table_offload.c | 40 +++-- > net/netfilter/nft_flow_offload.c | 13 ++ > net/sched/act_ct.c | 178 ++++++++++++++++----- > 10 files changed, 296 insertions(+), 82 deletions(-) > Acked-by: Tim Gardner <tim.gardner@canonical.com>
On Wed, May 17, 2023 at 1:01 AM Tony Duan <yifeid@nvidia.com> wrote: > > BugLink: https://bugs.launchpad.net/bugs/2019264 > > SRU Justification: > > [Impact] > > * This patch adds support for to offload single sided UDP connections by offloading only one side, and offloading the second side when/if it comes. > > [Fix] > > * cherry-pick df25455e5a489764508942b77b77de8f550e92cd df25455 netfilter: nf_conntrack: allow early drop of offloaded UDP conns > cherry-pick 6a9bad0069cf306f3df6ac53cf02438d4e15f296 6a9bad0 net/sched: act_ct: offload UDP NEW connections > cherry-pick 1918ace1382d43430c8a61294fa4385065a46804 1918ace net/mlx5: Support GRE conntrack offload > cherry-pick fcb6aa86532c1f321440f56f739a26ef856e6475 fcb6aa8 act_ct: Support GRE offload The above commit introduces a regression which is fixed in the upstream by commit 86360030cc5117596626bef1d937277cd2bebe05 ("net/sched: act_api: fix error code in tcf_ct_flow_table_fill_tuple_ipv6()"). Is there a valid reason for not including cherry-pick of it in this submission? -- Best regards, Bartlomiej > cherry-pick 4e8d9584d154479d357327f76d4e49486915c9c9 4e8d958 netfilter: flowtable: Support GRE > cherry-pick d5774cb6c55c8721c2daf57cc5e5345e3af286ea d5774cb net/sched: act_ct: set ctinfo in meta action depending on ct state > cherry-pick 1a441a9b8be8849957a01413a144f84932c324cb 1a441a9 netfilter: flowtable: cache info of last offload > cherry-pick 8f84780b84d645d6e35467f4a6f3236b20d7f4b2 8f84780 netfilter: flowtable: allow unidirectional rules > cherry-pick 0eb5acb16418898c3d813e2c2d59a7ea7763a824 0eb5acb netfilter: flowtable: fixup UDP timeout depending on ct state > cherry-pick 29744a10c59ede4f996c0c893127ac11bcc85c0c 29744a1 net: flow_offload: provision conntrack info in ct_metadata > > [Test Plan] > > * Create OVS bridge with 2 devices mlx5 rep devices. > Enable HW offload and configure regular connection tracking OpenFlow rules: > > e.g: > ovs-ofctl del-flows br-ovs > ovs-ofctl add-flow br-ovs arp,actions=normal > ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" > ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" > ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal" > > Run a UDP single sided connection, e.g iperf without a server: > on mlx5 VF2 iperf -t 1 -c <ip>-u -b 10pps > > Optional: In different terminal, while traffic is running, check for offload: > tcpdump -nnepi <RELEVANT_MLX5_REP> udp > and see no iperf udp packets. > > Dump conntrack with relevant ip: > cat /proc/net/nf_conntrack | grep -i <ip> | grep "\[UNREPLIED\]" | grep -q "\[OFFLOAD\]" > > If tuple appears, tuple was offloaded, yet unreplied. > > [Where problems could occur] > > * Without this patch, it does not support UDP connections offloading > > [Other Info] > > * nothing > > v1->v2: > cherry pick 3 GRE offload patches to avoid confliction when cherry pick 6a9bad0. > > Toshiaki Makita (3): > netfilter: flowtable: Support GRE > act_ct: Support GRE offload > net/mlx5: Support GRE conntrack offload > > Vlad Buslov (7): > net: flow_offload: provision conntrack info in ct_metadata > netfilter: flowtable: fixup UDP timeout depending on ct state > netfilter: flowtable: allow unidirectional rules > netfilter: flowtable: cache info of last offload > net/sched: act_ct: set ctinfo in meta action depending on ct state > net/sched: act_ct: offload UDP NEW connections > netfilter: nf_conntrack: allow early drop of offloaded UDP conns > > drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 25 ++- > .../net/ethernet/netronome/nfp/flower/conntrack.c | 24 +++ > include/net/netfilter/nf_flow_table.h | 8 +- > net/netfilter/nf_conntrack_core.c | 11 +- > net/netfilter/nf_flow_table_core.c | 15 +- > net/netfilter/nf_flow_table_inet.c | 2 +- > net/netfilter/nf_flow_table_ip.c | 62 +++++-- > net/netfilter/nf_flow_table_offload.c | 40 +++-- > net/netfilter/nft_flow_offload.c | 13 ++ > net/sched/act_ct.c | 178 ++++++++++++++++----- > 10 files changed, 296 insertions(+), 82 deletions(-)
On 5/31/2023 11:33 PM, Bartlomiej Zolnierkiewicz wrote: > External email: Use caution opening links or attachments > > > On Wed, May 17, 2023 at 1:01 AM Tony Duan <yifeid@nvidia.com> wrote: >> BugLink: https://bugs.launchpad.net/bugs/2019264 >> >> SRU Justification: >> >> [Impact] >> >> * This patch adds support for to offload single sided UDP connections by offloading only one side, and offloading the second side when/if it comes. >> >> [Fix] >> >> * cherry-pick df25455e5a489764508942b77b77de8f550e92cd df25455 netfilter: nf_conntrack: allow early drop of offloaded UDP conns >> cherry-pick 6a9bad0069cf306f3df6ac53cf02438d4e15f296 6a9bad0 net/sched: act_ct: offload UDP NEW connections >> cherry-pick 1918ace1382d43430c8a61294fa4385065a46804 1918ace net/mlx5: Support GRE conntrack offload >> cherry-pick fcb6aa86532c1f321440f56f739a26ef856e6475 fcb6aa8 act_ct: Support GRE offload > The above commit introduces a regression which is fixed in the > upstream by commit 86360030cc5117596626bef1d937277cd2bebe05 > ("net/sched: act_api: fix error code in > tcf_ct_flow_table_fill_tuple_ipv6()"). Is there a valid reason for not > including cherry-pick of it in this submission? > > -- > Best regards, > Bartlomiej Thanks for the comments. This patch should be included as well. I'll send another version for review. Thank you, Tony >> cherry-pick 4e8d9584d154479d357327f76d4e49486915c9c9 4e8d958 netfilter: flowtable: Support GRE >> cherry-pick d5774cb6c55c8721c2daf57cc5e5345e3af286ea d5774cb net/sched: act_ct: set ctinfo in meta action depending on ct state >> cherry-pick 1a441a9b8be8849957a01413a144f84932c324cb 1a441a9 netfilter: flowtable: cache info of last offload >> cherry-pick 8f84780b84d645d6e35467f4a6f3236b20d7f4b2 8f84780 netfilter: flowtable: allow unidirectional rules >> cherry-pick 0eb5acb16418898c3d813e2c2d59a7ea7763a824 0eb5acb netfilter: flowtable: fixup UDP timeout depending on ct state >> cherry-pick 29744a10c59ede4f996c0c893127ac11bcc85c0c 29744a1 net: flow_offload: provision conntrack info in ct_metadata >> >> [Test Plan] >> >> * Create OVS bridge with 2 devices mlx5 rep devices. >> Enable HW offload and configure regular connection tracking OpenFlow rules: >> >> e.g: >> ovs-ofctl del-flows br-ovs >> ovs-ofctl add-flow br-ovs arp,actions=normal >> ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" >> ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" >> ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal" >> >> Run a UDP single sided connection, e.g iperf without a server: >> on mlx5 VF2 iperf -t 1 -c <ip>-u -b 10pps >> >> Optional: In different terminal, while traffic is running, check for offload: >> tcpdump -nnepi <RELEVANT_MLX5_REP> udp >> and see no iperf udp packets. >> >> Dump conntrack with relevant ip: >> cat /proc/net/nf_conntrack | grep -i <ip> | grep "\[UNREPLIED\]" | grep -q "\[OFFLOAD\]" >> >> If tuple appears, tuple was offloaded, yet unreplied. >> >> [Where problems could occur] >> >> * Without this patch, it does not support UDP connections offloading >> >> [Other Info] >> >> * nothing >> >> v1->v2: >> cherry pick 3 GRE offload patches to avoid confliction when cherry pick 6a9bad0. >> >> Toshiaki Makita (3): >> netfilter: flowtable: Support GRE >> act_ct: Support GRE offload >> net/mlx5: Support GRE conntrack offload >> >> Vlad Buslov (7): >> net: flow_offload: provision conntrack info in ct_metadata >> netfilter: flowtable: fixup UDP timeout depending on ct state >> netfilter: flowtable: allow unidirectional rules >> netfilter: flowtable: cache info of last offload >> net/sched: act_ct: set ctinfo in meta action depending on ct state >> net/sched: act_ct: offload UDP NEW connections >> netfilter: nf_conntrack: allow early drop of offloaded UDP conns >> >> drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 25 ++- >> .../net/ethernet/netronome/nfp/flower/conntrack.c | 24 +++ >> include/net/netfilter/nf_flow_table.h | 8 +- >> net/netfilter/nf_conntrack_core.c | 11 +- >> net/netfilter/nf_flow_table_core.c | 15 +- >> net/netfilter/nf_flow_table_inet.c | 2 +- >> net/netfilter/nf_flow_table_ip.c | 62 +++++-- >> net/netfilter/nf_flow_table_offload.c | 40 +++-- >> net/netfilter/nft_flow_offload.c | 13 ++ >> net/sched/act_ct.c | 178 ++++++++++++++++----- >> 10 files changed, 296 insertions(+), 82 deletions(-)
On 5/31/23 7:59 PM, Tony Duan wrote: > On 5/31/2023 11:33 PM, Bartlomiej Zolnierkiewicz wrote: >> External email: Use caution opening links or attachments >> >> >> On Wed, May 17, 2023 at 1:01 AM Tony Duan <yifeid@nvidia.com> wrote: >>> BugLink: https://bugs.launchpad.net/bugs/2019264 >>> >>> SRU Justification: >>> >>> [Impact] >>> >>> * This patch adds support for to offload single sided UDP connections >>> by offloading only one side, and offloading the second side when/if >>> it comes. >>> >>> [Fix] >>> >>> * cherry-pick df25455e5a489764508942b77b77de8f550e92cd df25455 >>> netfilter: nf_conntrack: allow early drop of offloaded UDP conns >>> cherry-pick 6a9bad0069cf306f3df6ac53cf02438d4e15f296 6a9bad0 >>> net/sched: act_ct: offload UDP NEW connections >>> cherry-pick 1918ace1382d43430c8a61294fa4385065a46804 1918ace >>> net/mlx5: Support GRE conntrack offload >>> cherry-pick fcb6aa86532c1f321440f56f739a26ef856e6475 fcb6aa8 >>> act_ct: Support GRE offload >> The above commit introduces a regression which is fixed in the >> upstream by commit 86360030cc5117596626bef1d937277cd2bebe05 >> ("net/sched: act_api: fix error code in >> tcf_ct_flow_table_fill_tuple_ipv6()"). Is there a valid reason for not >> including cherry-pick of it in this submission? >> >> -- >> Best regards, >> Bartlomiej > > Thanks for the comments. This patch should be included as well. I'll > send another version for review. > > Thank you, > > Tony > >>> cherry-pick 4e8d9584d154479d357327f76d4e49486915c9c9 4e8d958 >>> netfilter: flowtable: Support GRE >>> cherry-pick d5774cb6c55c8721c2daf57cc5e5345e3af286ea d5774cb >>> net/sched: act_ct: set ctinfo in meta action depending on ct state >>> cherry-pick 1a441a9b8be8849957a01413a144f84932c324cb 1a441a9 >>> netfilter: flowtable: cache info of last offload >>> cherry-pick 8f84780b84d645d6e35467f4a6f3236b20d7f4b2 8f84780 >>> netfilter: flowtable: allow unidirectional rules >>> cherry-pick 0eb5acb16418898c3d813e2c2d59a7ea7763a824 0eb5acb >>> netfilter: flowtable: fixup UDP timeout depending on ct state >>> cherry-pick 29744a10c59ede4f996c0c893127ac11bcc85c0c 29744a1 net: >>> flow_offload: provision conntrack info in ct_metadata >>> >>> [Test Plan] >>> >>> * Create OVS bridge with 2 devices mlx5 rep devices. >>> Enable HW offload and configure regular connection tracking OpenFlow >>> rules: >>> >>> e.g: >>> ovs-ofctl del-flows br-ovs >>> ovs-ofctl add-flow br-ovs arp,actions=normal >>> ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk >>> actions=ct(table=1)" >>> ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new >>> actions=ct(commit),normal" >>> ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, >>> actions=normal" >>> >>> Run a UDP single sided connection, e.g iperf without a server: >>> on mlx5 VF2 iperf -t 1 -c <ip>-u -b 10pps >>> >>> Optional: In different terminal, while traffic is running, check for >>> offload: >>> tcpdump -nnepi <RELEVANT_MLX5_REP> udp >>> and see no iperf udp packets. >>> >>> Dump conntrack with relevant ip: >>> cat /proc/net/nf_conntrack | grep -i <ip> | grep "\[UNREPLIED\]" | >>> grep -q "\[OFFLOAD\]" >>> >>> If tuple appears, tuple was offloaded, yet unreplied. >>> >>> [Where problems could occur] >>> >>> * Without this patch, it does not support UDP connections offloading >>> >>> [Other Info] >>> >>> * nothing >>> >>> v1->v2: >>> cherry pick 3 GRE offload patches to avoid confliction when cherry >>> pick 6a9bad0. >>> >>> Toshiaki Makita (3): >>> netfilter: flowtable: Support GRE >>> act_ct: Support GRE offload >>> net/mlx5: Support GRE conntrack offload >>> >>> Vlad Buslov (7): >>> net: flow_offload: provision conntrack info in ct_metadata >>> netfilter: flowtable: fixup UDP timeout depending on ct state >>> netfilter: flowtable: allow unidirectional rules >>> netfilter: flowtable: cache info of last offload >>> net/sched: act_ct: set ctinfo in meta action depending on ct state >>> net/sched: act_ct: offload UDP NEW connections >>> netfilter: nf_conntrack: allow early drop of offloaded UDP conns >>> >>> drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 25 ++- >>> .../net/ethernet/netronome/nfp/flower/conntrack.c | 24 +++ >>> include/net/netfilter/nf_flow_table.h | 8 +- >>> net/netfilter/nf_conntrack_core.c | 11 +- >>> net/netfilter/nf_flow_table_core.c | 15 +- >>> net/netfilter/nf_flow_table_inet.c | 2 +- >>> net/netfilter/nf_flow_table_ip.c | 62 +++++-- >>> net/netfilter/nf_flow_table_offload.c | 40 +++-- >>> net/netfilter/nft_flow_offload.c | 13 ++ >>> net/sched/act_ct.c | 178 >>> ++++++++++++++++----- >>> 10 files changed, 296 insertions(+), 82 deletions(-) > > > Cap off this thread
BugLink: https://bugs.launchpad.net/bugs/2019264 SRU Justification: [Impact] * This patch adds support for to offload single sided UDP connections by offloading only one side, and offloading the second side when/if it comes. [Fix] * cherry-pick df25455e5a489764508942b77b77de8f550e92cd df25455 netfilter: nf_conntrack: allow early drop of offloaded UDP conns cherry-pick 6a9bad0069cf306f3df6ac53cf02438d4e15f296 6a9bad0 net/sched: act_ct: offload UDP NEW connections cherry-pick 1918ace1382d43430c8a61294fa4385065a46804 1918ace net/mlx5: Support GRE conntrack offload cherry-pick fcb6aa86532c1f321440f56f739a26ef856e6475 fcb6aa8 act_ct: Support GRE offload cherry-pick 4e8d9584d154479d357327f76d4e49486915c9c9 4e8d958 netfilter: flowtable: Support GRE cherry-pick d5774cb6c55c8721c2daf57cc5e5345e3af286ea d5774cb net/sched: act_ct: set ctinfo in meta action depending on ct state cherry-pick 1a441a9b8be8849957a01413a144f84932c324cb 1a441a9 netfilter: flowtable: cache info of last offload cherry-pick 8f84780b84d645d6e35467f4a6f3236b20d7f4b2 8f84780 netfilter: flowtable: allow unidirectional rules cherry-pick 0eb5acb16418898c3d813e2c2d59a7ea7763a824 0eb5acb netfilter: flowtable: fixup UDP timeout depending on ct state cherry-pick 29744a10c59ede4f996c0c893127ac11bcc85c0c 29744a1 net: flow_offload: provision conntrack info in ct_metadata [Test Plan] * Create OVS bridge with 2 devices mlx5 rep devices. Enable HW offload and configure regular connection tracking OpenFlow rules: e.g: ovs-ofctl del-flows br-ovs ovs-ofctl add-flow br-ovs arp,actions=normal ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal" Run a UDP single sided connection, e.g iperf without a server: on mlx5 VF2 iperf -t 1 -c <ip>-u -b 10pps Optional: In different terminal, while traffic is running, check for offload: tcpdump -nnepi <RELEVANT_MLX5_REP> udp and see no iperf udp packets. Dump conntrack with relevant ip: cat /proc/net/nf_conntrack | grep -i <ip> | grep "\[UNREPLIED\]" | grep -q "\[OFFLOAD\]" If tuple appears, tuple was offloaded, yet unreplied. [Where problems could occur] * Without this patch, it does not support UDP connections offloading [Other Info] * nothing v1->v2: cherry pick 3 GRE offload patches to avoid confliction when cherry pick 6a9bad0. Toshiaki Makita (3): netfilter: flowtable: Support GRE act_ct: Support GRE offload net/mlx5: Support GRE conntrack offload Vlad Buslov (7): net: flow_offload: provision conntrack info in ct_metadata netfilter: flowtable: fixup UDP timeout depending on ct state netfilter: flowtable: allow unidirectional rules netfilter: flowtable: cache info of last offload net/sched: act_ct: set ctinfo in meta action depending on ct state net/sched: act_ct: offload UDP NEW connections netfilter: nf_conntrack: allow early drop of offloaded UDP conns drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 25 ++- .../net/ethernet/netronome/nfp/flower/conntrack.c | 24 +++ include/net/netfilter/nf_flow_table.h | 8 +- net/netfilter/nf_conntrack_core.c | 11 +- net/netfilter/nf_flow_table_core.c | 15 +- net/netfilter/nf_flow_table_inet.c | 2 +- net/netfilter/nf_flow_table_ip.c | 62 +++++-- net/netfilter/nf_flow_table_offload.c | 40 +++-- net/netfilter/nft_flow_offload.c | 13 ++ net/sched/act_ct.c | 178 ++++++++++++++++----- 10 files changed, 296 insertions(+), 82 deletions(-)