From patchwork Tue May 16 22:59:50 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tony Duan <yifeid@nvidia.com>
X-Patchwork-Id: 1782370
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com
 (client-ip=91.189.94.19; helo=huckleberry.canonical.com;
 envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=Nvidia.com header.i=@Nvidia.com header.a=rsa-sha256
 header.s=selector2 header.b=lpNIqVhi;
	dkim-atps=neutral
Received: from huckleberry.canonical.com (huckleberry.canonical.com
 [91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4QLWtC62rGz20dn
	for <incoming@patchwork.ozlabs.org>; Wed, 17 May 2023 09:00:34 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1pz3eX-0008Go-31; Tue, 16 May 2023 23:00:21 +0000
Received: from mail-dm3nam02on2074.outbound.protection.outlook.com
 ([40.107.95.74] helo=NAM02-DM3-obe.outbound.protection.outlook.com)
 by huckleberry.canonical.com with esmtps
 (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2)
 (envelope-from <yifeid@nvidia.com>) id 1pz3eS-0008GA-5u
 for kernel-team@lists.ubuntu.com; Tue, 16 May 2023 23:00:16 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=My9q1jVJQSChmPSm3TC1nkmooBnVjhwLmqZsC2MbqxcS7HxXuoOGfv71PodlSQR0kKbSHrlyyUemCGKCMKX50ZEDisAct9kRPkcwaa5NohoWQOqc5mP23lIPs28c2ff5p3J/ClmJYJ1N8Ro5sXfAnDJWFHT16b8CqzGr5+Rt33d820vMjEB/x56ip9FXbrXBT2ddpYZXeG6mluU+poNPvDM3mjxpNbo9BkJTk7yRMULO4K9wgCqS0SDT5rmnz/u6xigwLHVxtb51GESJI/kowycAhrvkDSZgtWZeVRs6lpYZqK1H1Rm6sFGvI/i6MjGvr8x6ckaPLlo0xuvdQ1Szkw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=qDZirguK9cD1Q3B/JpyZpxeSwPkhsjqcdIfPaLPuQ58=;
 b=DbhoSprj192fT0ymLSx0Jg+RyjqUuwu6FCCAabnPiC4C01ieODMkx9p8cvXMZYPAbGNvX719e7Xt356ZI5xbwppsCTPhQfFgW+2UyIgjOjY/K6ur5BRIauPDkATNqowWUIVdXfMFF4zqmE/NIzqAvH4F+XuVnuME+wYrTGv5ER7+ql6I6xtiu4nBkN5vWfD2GkAzsKq8moha/Md6YCBZFjZHPPR2KOyDGC2CRTG2NLiU7JlOFLIGAbGkLg7zijRm3voD1k8DV+Wjpc6OwWBgu9ly6LOGgReJ32NLGgUSg6embTztciVREKcBAWx73dvJWwLsk6yNmG7MFFz7ReQsgw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 216.228.118.233) smtp.rcpttodomain=canonical.com smtp.mailfrom=nvidia.com;
 dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com;
 dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com;
 s=selector2;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=qDZirguK9cD1Q3B/JpyZpxeSwPkhsjqcdIfPaLPuQ58=;
 b=lpNIqVhi5lPNxjCn/y0DOKCVXKjuqCu3GnUvWzMB4Y4+eY9lGNP7SpihwCfhde6TUNSV/aS86El3tI3eGtPwANdhI1XbULxAoWHCnO6npdL7cm0clnD1lbbEtzEdmMW4DdZEk44kgF6wx58SiOppoH1i7bj9RVil6Yvktb0ebCCqTKbuO6EiEbICclD82ImtVu8Ipeh3iE6keMpYoVO70zCbbzW1nnBW0Okb4hyKrn3SDYUFg+aM/w9vTlk0EGW9rQLnW6igodVdChJhmn9uB7lnvxUmXRgFdb+SUa9fusHwpMwqdfuiLO6Vj6eOzMpmpeU0C3MYLNov2FD8V/SXXQ==
Received: from MW3PR06CA0018.namprd06.prod.outlook.com (2603:10b6:303:2a::23)
 by BY5PR12MB4146.namprd12.prod.outlook.com (2603:10b6:a03:20d::24)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6387.32; Tue, 16 May
 2023 23:00:12 +0000
Received: from CO1NAM11FT025.eop-nam11.prod.protection.outlook.com
 (2603:10b6:303:2a:cafe::e9) by MW3PR06CA0018.outlook.office365.com
 (2603:10b6:303:2a::23) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6387.33 via Frontend
 Transport; Tue, 16 May 2023 23:00:12 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.118.233)
 smtp.mailfrom=nvidia.com;
 dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=nvidia.com;
Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates
 216.228.118.233 as permitted sender) receiver=protection.outlook.com;
 client-ip=216.228.118.233; helo=mail.nvidia.com; pr=C
Received: from mail.nvidia.com (216.228.118.233) by
 CO1NAM11FT025.mail.protection.outlook.com (10.13.175.232) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.6411.15 via Frontend Transport; Tue, 16 May 2023 23:00:12 +0000
Received: from drhqmail202.nvidia.com (10.126.190.181) by mail.nvidia.com
 (10.127.129.6) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.5; Tue, 16 May 2023
 16:00:05 -0700
Received: from drhqmail203.nvidia.com (10.126.190.182) by
 drhqmail202.nvidia.com (10.126.190.181) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.2.986.37; Tue, 16 May 2023 16:00:05 -0700
Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com
 (10.126.190.182) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37 via Frontend
 Transport; Tue, 16 May 2023 16:00:04 -0700
Received: from sw-mtx-008.mtx.labs.mlnx. (sw-mtx-008.mtx.labs.mlnx
 [10.9.150.35])
 by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 34GMxxSf019536;
 Wed, 17 May 2023 02:00:01 +0300
From: Tony Duan <yifeid@nvidia.com>
To: <kernel-team@lists.ubuntu.com>
Subject: [SRU][J:linux-bluefield][PATCH v2 01/10] net: flow_offload: provision
 conntrack info in ct_metadata
Date: Tue, 16 May 2023 17:59:50 -0500
Message-ID: <1684277999-18029-2-git-send-email-yifeid@nvidia.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1684277999-18029-1-git-send-email-yifeid@nvidia.com>
References: <1684277999-18029-1-git-send-email-yifeid@nvidia.com>
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CO1NAM11FT025:EE_|BY5PR12MB4146:EE_
X-MS-Office365-Filtering-Correlation-Id: 06b56b48-93a4-450d-aee0-08db56614e45
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
 xjOQc2dQiqDA9mW7QAt0qLlBudAhgZT1RgXyo/MzVK0ObjIFyy821K7uYRIlInd7IEZvRuSwoiKcbB2Hg6kbEEgAd4UEPuVrrfOQDaXWX9W4rpVyI+tiKxE4v3BqlcX9c9CNspDLgf705CzOKhZk5bnyqrfUGIYBSiuRDFlS/cedWmCr0zb2fJwC9etRp9sUAVZgH8Sde1xY9QukHWI0nkJmS+Y+GQHcJnn4+b7jJWVIV/Ufkd7rJ6mxky3KFKomZSTPdyV7xGuqa0AEwz3J+bs4rQmNs3bZu0Ka3Rm6o+flgaJx2SCKdAyWOjpN4MPX8jAOdWIIan7LLo5E3WoGfFKOGysCpc+TX749IR04g0VcBPNK5KRcGbEJZZcGszpNvJwQMHMTziEFVPirizXl5T6PMW1DvPjZHviUFPUOu4RNk97KOuO2IaTaFck4ZMTfTVLY92WwbxfziyIQr2NErFPeaEr9mDJhN38RPgJBbZmkSAKDNfD+JlW103cFsxq3MhsTDiYEqLQLqGeywYUPQBGBIMpuMJXPWHIwIHdTaNgEv7RCzywdOkOT2WVf2slmfetavIgmuN9CrHjzf5LvWYTD6zGh8S3Tmpc5KjpylcxXF4u5erIiOCMD6h6VSFaAShVcMFCJuePWienZ0Pn+z/tf/BaAlmQJwfwBpEbYzAPjGYqVP6KMuMv13Jy4eoch0jbQOBxl43hXXA7VJnTmWZ65Xb/AgLBbjAqky55cm1BCvO+ZmdrcEnN3SbXHoTYE5NQ0cdgj9MGGtmsQ1ue2xAGiiZjhNi9s9lVA7HDI/Hw=
X-Forefront-Antispam-Report: CIP:216.228.118.233; CTRY:US; LANG:en; SCL:1;
 SRV:;
 IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc7edge2.nvidia.com; CAT:NONE;
 SFS:(13230028)(4636009)(376002)(396003)(346002)(136003)(39860400002)(451199021)(36840700001)(40470700004)(46966006)(186003)(2616005)(26005)(966005)(336012)(82310400005)(47076005)(83380400001)(6666004)(40460700003)(36860700001)(36756003)(5660300002)(316002)(2906002)(478600001)(40480700001)(82740400003)(86362001)(70206006)(4326008)(6916009)(70586007)(8936002)(41300700001)(8676002)(54906003)(7636003)(356005);
 DIR:OUT; SFP:1101;
X-OriginatorOrg: Nvidia.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 May 2023 23:00:12.7281 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 06b56b48-93a4-450d-aee0-08db56614e45
X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.118.233];
 Helo=[mail.nvidia.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 CO1NAM11FT025.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR12MB4146
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Cc: bodong@nvidia.com, vlad@nvidia.com, cascardo@canonical.com,
 dann.frazier@canonical.com
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

From: Vlad Buslov <vladbu@nvidia.com>

BugLink: https://bugs.launchpad.net/bugs/2019264

In order to offload connections in other states besides "established" the
driver offload callbacks need to have access to connection conntrack info.
Flow offload intermediate representation data structure already contains
that data encoded in 'cookie' field, so just reuse it in the drivers.

Reject offloading IP_CT_NEW connections for now by returning an error in
relevant driver callbacks based on value of ctinfo. Support for offloading
such connections will need to be added to the drivers afterwards.

Signed-off-by: Vlad Buslov <vladbu@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 29744a10c59ede4f996c0c893127ac11bcc85c0c)
Signed-off-by: Paul Blakey <paulb@nvidia.com>
Signed-off-by: Tony Duan <yifeid@nvidia.com>
---
 drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c |  4 ++++
 .../net/ethernet/netronome/nfp/flower/conntrack.c  | 24 ++++++++++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c
index 94200f2..53684ac 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c
@@ -1007,12 +1007,16 @@ static void mlx5_tc_ct_entry_del_work(struct work_struct *work)
 	struct mlx5_tc_ct_priv *ct_priv = ft->ct_priv;
 	struct flow_action_entry *meta_action;
 	unsigned long cookie = flow->cookie;
+	enum ip_conntrack_info ctinfo;
 	struct mlx5_ct_entry *entry;
 	int err;
 
 	meta_action = mlx5_tc_ct_get_ct_metadata_action(flow_rule);
 	if (!meta_action)
 		return -EOPNOTSUPP;
+	ctinfo = meta_action->ct_metadata.cookie & NFCT_INFOMASK;
+	if (ctinfo == IP_CT_NEW)
+		return -EOPNOTSUPP;
 
 	spin_lock_bh(&ct_priv->ht_lock);
 	entry = rhashtable_lookup_fast(&ft->ct_entries_ht, &cookie, cts_ht_params);
diff --git a/drivers/net/ethernet/netronome/nfp/flower/conntrack.c b/drivers/net/ethernet/netronome/nfp/flower/conntrack.c
index 7e9fcc1..39cb8e6 100644
--- a/drivers/net/ethernet/netronome/nfp/flower/conntrack.c
+++ b/drivers/net/ethernet/netronome/nfp/flower/conntrack.c
@@ -1658,6 +1658,27 @@ int nfp_fl_ct_stats(struct flow_cls_offload *flow,
 	return 0;
 }
 
+static bool
+nfp_fl_ct_offload_nft_supported(struct flow_cls_offload *flow)
+{
+	struct flow_rule *flow_rule = flow->rule;
+	struct flow_action *flow_action =
+		&flow_rule->action;
+	struct flow_action_entry *act;
+	int i;
+
+	flow_action_for_each(i, act, flow_action) {
+		if (act->id == FLOW_ACTION_CT_METADATA) {
+			enum ip_conntrack_info ctinfo =
+				act->ct_metadata.cookie & NFCT_INFOMASK;
+
+			return ctinfo != IP_CT_NEW;
+		}
+	}
+
+	return false;
+}
+
 static int
 nfp_fl_ct_offload_nft_flow(struct nfp_fl_ct_zone_entry *zt, struct flow_cls_offload *flow)
 {
@@ -1670,6 +1691,9 @@ int nfp_fl_ct_stats(struct flow_cls_offload *flow,
 	extack = flow->common.extack;
 	switch (flow->command) {
 	case FLOW_CLS_REPLACE:
+		if (!nfp_fl_ct_offload_nft_supported(flow))
+			return -EOPNOTSUPP;
+
 		/* Netfilter can request offload multiple times for the same
 		 * flow - protect against adding duplicates.
 		 */

From patchwork Tue May 16 22:59:51 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tony Duan <yifeid@nvidia.com>
X-Patchwork-Id: 1782372
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com
 (client-ip=91.189.94.19; helo=huckleberry.canonical.com;
 envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=Nvidia.com header.i=@Nvidia.com header.a=rsa-sha256
 header.s=selector2 header.b=UNQGXw4w;
	dkim-atps=neutral
Received: from huckleberry.canonical.com (huckleberry.canonical.com
 [91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4QLWtC64FNz20dq
	for <incoming@patchwork.ozlabs.org>; Wed, 17 May 2023 09:00:34 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1pz3eY-0008HF-DX; Tue, 16 May 2023 23:00:22 +0000
Received: from mail-bn8nam12on2089.outbound.protection.outlook.com
 ([40.107.237.89] helo=NAM12-BN8-obe.outbound.protection.outlook.com)
 by huckleberry.canonical.com with esmtps
 (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2)
 (envelope-from <yifeid@nvidia.com>) id 1pz3eW-0008GW-HF
 for kernel-team@lists.ubuntu.com; Tue, 16 May 2023 23:00:20 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=bkLJ5CI8GBMJfhoa79pQc8mHiO+SCpUmkyJgYXmf1+AmR9ikiRXNoqx18PwGenUsKm0A+PxFrDJoAdJfL/zhrD04Xr8MUQXPdjtXBQiHlXQ1xEOMlQjIvvVRxSYO98M0Amdo/2TLyeNaTzH1z8KGRtzS6LTnirE+IMc+Y3xidBLvsYMYPxFAd0OiLvQAvB1LyKvnneO2IfSzUxpkqJeuSoBQXxwl59BYu+3TlvDLPCnI0eFDdcx8WkHo2EPE6520RQ38WRZ6u0jPnHagyweGtRYbf/kkDDGPpq9NLxUF248vI7aIyMQWA/2Pss5WqkfeIeBZFr54hM9c0vCRj2ifDQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=IVu09A3CFmuFsvdkFh3UvX4r3qY/U4QNq8atG7sgszE=;
 b=NoR9kPUVGqlalwyiohyZFAKKzan5vWeh39DXE1Bok4SPAdxW5DBKZDTH6z8sTdZhpHinu/uftxO13YQvTSm+O00WDLAF5WfWTma8Y0YCFrXDBl2VrE2T3Th+MyBx3wDfqhlMAea+gs9awf2sqP36p05w9UCw3LdGPU42yNIaoapet9gqklwZ2/EuTvsaiZTgspHnqSmh0o6DOl63ho9is2YqVCksoyCrOvulHWQZiIyAjPo40Pj3NBYd81pdABoAS1IDBtw+6/zSjsA4U/7UYmXykLPE6d2lVg4L7+I3gCkrUpALNrzPiwtiyYXvTGNvrmruuBWM8J7ycUU2XZvdBg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 216.228.118.232) smtp.rcpttodomain=canonical.com smtp.mailfrom=nvidia.com;
 dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com;
 dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com;
 s=selector2;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=IVu09A3CFmuFsvdkFh3UvX4r3qY/U4QNq8atG7sgszE=;
 b=UNQGXw4wzXe5JEqSyEExcdaeK76+fBmN4O3x5rN+ohm+UsKA7WXUOgCbqmYhqzapApX2xUWKgwmR9M/eb/yS15kuueYIQDsjj4gCyHxB6r3lJzKny+QEwY6OXYpIHJOaw59K2FrWkrLpSYJd+OQ/RQPVqXeLFUqz90+WKDZXtEsMoK08nXHeevTU2wCv3ffXqNkoGHdpIkJZGu5ftRdZEu927smeYeGCamIUt/Ah3oFQR47tqt1DXQyg0wuKZjaFKZU51uwGkBRx77FADJ9dJAQDZhgYhy4Xt1z9ow8kugnY/+oE3wo/PWW6CWOwDEdeHbvMnH/tAVgT2Qw9HndiWA==
Received: from DM6PR11CA0068.namprd11.prod.outlook.com (2603:10b6:5:14c::45)
 by MN0PR12MB6029.namprd12.prod.outlook.com (2603:10b6:208:3cf::21) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6387.30; Tue, 16 May
 2023 23:00:18 +0000
Received: from DM6NAM11FT062.eop-nam11.prod.protection.outlook.com
 (2603:10b6:5:14c:cafe::38) by DM6PR11CA0068.outlook.office365.com
 (2603:10b6:5:14c::45) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6387.31 via Frontend
 Transport; Tue, 16 May 2023 23:00:17 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.118.232)
 smtp.mailfrom=nvidia.com;
 dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=nvidia.com;
Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates
 216.228.118.232 as permitted sender) receiver=protection.outlook.com;
 client-ip=216.228.118.232; helo=mail.nvidia.com; pr=C
Received: from mail.nvidia.com (216.228.118.232) by
 DM6NAM11FT062.mail.protection.outlook.com (10.13.173.40) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.6411.17 via Frontend Transport; Tue, 16 May 2023 23:00:17 +0000
Received: from drhqmail202.nvidia.com (10.126.190.181) by mail.nvidia.com
 (10.127.129.5) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.5; Tue, 16 May 2023
 16:00:07 -0700
Received: from drhqmail202.nvidia.com (10.126.190.181) by
 drhqmail202.nvidia.com (10.126.190.181) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.2.986.37; Tue, 16 May 2023 16:00:06 -0700
Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com
 (10.126.190.181) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37 via Frontend
 Transport; Tue, 16 May 2023 16:00:06 -0700
Received: from sw-mtx-008.mtx.labs.mlnx. (sw-mtx-008.mtx.labs.mlnx
 [10.9.150.35])
 by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 34GMxxSg019536;
 Wed, 17 May 2023 02:00:03 +0300
From: Tony Duan <yifeid@nvidia.com>
To: <kernel-team@lists.ubuntu.com>
Subject: [SRU][J:linux-bluefield][PATCH v2 02/10] netfilter: flowtable: fixup
 UDP timeout depending on ct state
Date: Tue, 16 May 2023 17:59:51 -0500
Message-ID: <1684277999-18029-3-git-send-email-yifeid@nvidia.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1684277999-18029-1-git-send-email-yifeid@nvidia.com>
References: <1684277999-18029-1-git-send-email-yifeid@nvidia.com>
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DM6NAM11FT062:EE_|MN0PR12MB6029:EE_
X-MS-Office365-Filtering-Correlation-Id: 88f299d4-a7f4-4230-a9b0-08db5661511a
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
 2FroeJfgZCxnT1/bG2WW0VhoXdPigdpPV1f8dad0EvQ77gJ20IaDUddpdbxdwVR6qkLyOZHrNoOeLM6Jn1WQP7YmldEGhB5c4xBHS8WoyHkQNkYss2CnymiGV+bmxTn42XzezGTZnPXLpTQQlyLSkA1dSQZh2OkXRPAt4n/kwp/wy8BN55zDzqyneQihbWL1bXIXjXMmYcALdx98zdnHUi/aZTyvLXoDOR1mKvpFtBmQUWycTXjKTN8kXf46bn6UuymDzAu8k6YbsmsBxT2R6b41Zr4NvH9HbypJn6RpfhxD0eNqnwXmKs/Upq/kM/25pozCrtuiBiXqhBCDUxid/9sOBT+QlxYWWx2uH8GnH9YD/Ivv+c7ERiyYe1oPR7pLcocUp2rMHpJbk2W6ldh12EMayIZfSYRMIw7g6fZKxkdJdihBJqmpSw9FWo0PKLE3HTJhxu0aAHn4Vn/t0mh1wkUqPmjqOGB8Wjtb4u/6ANPbnAnhwzc2D/mb3JSmg/LWDdax450OsdoGh2cJjdrpWZ4pUvQ+pEtaDRQ4p4EUUvSRpIepbHZm166sbNwc9fDK2wtDu917nToXjfjhCUi2bvIQtswnnJRaxxeryFyNItQn+aUqHSMYtgXMaJwgprDWjKFqImcVzpjieSLsW6Zp8ZgD2bQ01JsCYdj03mPYqTACe3kbIZCbE2M9SQvkCJGj/dkUJlE1da1vTuO9IQ9wjj/6OrMcLs0mwgpJAd/Cnkm3KF2cgfOD4o637kTV3Wr8bvzKD7JfH7xs8QBiIQKySJbQCt3JIFFIh1sdJosrWxs=
X-Forefront-Antispam-Report: CIP:216.228.118.232; CTRY:US; LANG:en; SCL:1;
 SRV:;
 IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc7edge1.nvidia.com; CAT:NONE;
 SFS:(13230028)(4636009)(396003)(376002)(136003)(39860400002)(346002)(451199021)(40470700004)(36840700001)(46966006)(186003)(36860700001)(70206006)(70586007)(6916009)(356005)(316002)(7636003)(26005)(86362001)(82740400003)(4326008)(6666004)(966005)(82310400005)(47076005)(83380400001)(2616005)(336012)(478600001)(40460700003)(36756003)(54906003)(5660300002)(2906002)(40480700001)(41300700001)(8676002)(8936002);
 DIR:OUT; SFP:1101;
X-OriginatorOrg: Nvidia.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 May 2023 23:00:17.4169 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 88f299d4-a7f4-4230-a9b0-08db5661511a
X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.118.232];
 Helo=[mail.nvidia.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 DM6NAM11FT062.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN0PR12MB6029
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Cc: bodong@nvidia.com, vlad@nvidia.com, cascardo@canonical.com,
 dann.frazier@canonical.com
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

From: Vlad Buslov <vladbu@nvidia.com>

BugLink: https://bugs.launchpad.net/bugs/2019264

Currently flow_offload_fixup_ct() function assumes that only replied UDP
connections can be offloaded and hardcodes UDP_CT_REPLIED timeout value. To
enable UDP NEW connection offload in following patches extract the actual
connections state from ct->status and set the timeout according to it.

Signed-off-by: Vlad Buslov <vladbu@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 0eb5acb16418898c3d813e2c2d59a7ea7763a824)
Signed-off-by: Paul Blakey <paulb@nvidia.com>
Signed-off-by: Tony Duan <yifeid@nvidia.com>
---
 net/netfilter/nf_flow_table_core.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c
index 4f61eb1..946cdcc 100644
--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -192,8 +192,11 @@ static void flow_offload_fixup_ct(struct nf_conn *ct)
 		timeout -= tn->offload_timeout;
 	} else if (l4num == IPPROTO_UDP) {
 		struct nf_udp_net *tn = nf_udp_pernet(net);
+		enum udp_conntrack state =
+			test_bit(IPS_SEEN_REPLY_BIT, &ct->status) ?
+			UDP_CT_REPLIED : UDP_CT_UNREPLIED;
 
-		timeout = tn->timeouts[UDP_CT_REPLIED];
+		timeout = tn->timeouts[state];
 		timeout -= tn->offload_timeout;
 	} else {
 		return;

From patchwork Tue May 16 22:59:52 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tony Duan <yifeid@nvidia.com>
X-Patchwork-Id: 1782373
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com
 (client-ip=91.189.94.19; helo=huckleberry.canonical.com;
 envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=Nvidia.com header.i=@Nvidia.com header.a=rsa-sha256
 header.s=selector2 header.b=GtMn2wLm;
	dkim-atps=neutral
Received: from huckleberry.canonical.com (huckleberry.canonical.com
 [91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4QLWtH5HdKz20dn
	for <incoming@patchwork.ozlabs.org>; Wed, 17 May 2023 09:00:39 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1pz3ef-0008Mx-Mt; Tue, 16 May 2023 23:00:29 +0000
Received: from mail-co1nam11on2073.outbound.protection.outlook.com
 ([40.107.220.73] helo=NAM11-CO1-obe.outbound.protection.outlook.com)
 by huckleberry.canonical.com with esmtps
 (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2)
 (envelope-from <yifeid@nvidia.com>) id 1pz3ec-0008JJ-RX
 for kernel-team@lists.ubuntu.com; Tue, 16 May 2023 23:00:27 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=QRb9Ti+2MUytz4Sz/dYiV2PFR71DzhIHEfDamnNjpORP9+6XTzNxrP7BhpFUc4zRbKtHSfWstRSf1AFGggYMsoOyrSJj2Z/FqO9eLhf8Hd2gZckfyOlMzVrm0xCh5VdF9ju4XUsw6xTB4jrCocqaqIzcVXZvcnWuhVjNSBkOpXdvMNlQDUO7GG4iEd9ynHlmMsNroBqtjDrOz+M6jmM5VLOfmUZUqKx2FxLJL0+DNhBDF39CTglsqNpr8px11cz+aOvxuyf8c49WJR3SIWD95eI6pKlI5b6dMF4xYwrVA+dJ7qFyHolumbdBcp3O6Vvqcyd2qrW4lekPJ9y0YuYgGg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=AD748EAEds5M+PJgUIct87RnT5bMCxFJbHbO/YSMnSg=;
 b=QXTcXP0r9R/JRmL/lNFmCsVILmT4TMR7vmGaXiZUh2wByjZQfJhbZy6f64tlizc5vBoa4xiRHxrrEnE9XMKbLAHyIb99sZ5Ah/8rbBSezji9XxN/JX9qhGN+v6nXTHHf3jjUOE+WD02bkProlLlY0yjuYuP1EZMTTnd0V9NW54P9hJh5g//12BMszpHPmk7NtefQSwSLw3o1x8QAlBVo8vXqsh9PoTfE4h7hFSAmDLV7FUXmXwDeLwHI8x7NPda3RTRuupRK/9WPzjYUT2N+uv8PABEaGCj367Z19j6ytsQEmewqYzNdHaMdRBO9EWonQFhgHu43/I0FUC9rKy+13g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 216.228.117.160) smtp.rcpttodomain=canonical.com smtp.mailfrom=nvidia.com;
 dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com;
 dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com;
 s=selector2;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=AD748EAEds5M+PJgUIct87RnT5bMCxFJbHbO/YSMnSg=;
 b=GtMn2wLmPyFKcyig7qM3AK0zjrimA3DFKVqEFeoEcytlcgsoQgOnBL18jRmFM/nYjAmWQ1mSjbCCE51QYqA7RFZLRsy8KGMH7uU4uifuTYEeKKKt0t1UtE9WEfe4RSLoqiMDTc77C8vYbyTyuxLEntYDdt5GsjZqZVYYspmqnaiTMH4Yh6vnt28PbniekMeGWO+bt4aZgTC7krKGqvxLhHSgy8N4TlpXMxCqOkFFEcOZ+0paRgxQATpAxMSUua0jl9vowmrsE92m70NgpY2ZUKTe9I/L1we5UQHE24j2IJMu8ldRZARvMGHG6eJZoYjIDhtZOndlOTpSPC09AoWt3w==
Received: from BYAPR02CA0047.namprd02.prod.outlook.com (2603:10b6:a03:54::24)
 by SJ0PR12MB6735.namprd12.prod.outlook.com (2603:10b6:a03:479::8)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6387.30; Tue, 16 May
 2023 23:00:23 +0000
Received: from CO1NAM11FT006.eop-nam11.prod.protection.outlook.com
 (2603:10b6:a03:54:cafe::c8) by BYAPR02CA0047.outlook.office365.com
 (2603:10b6:a03:54::24) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6387.33 via Frontend
 Transport; Tue, 16 May 2023 23:00:23 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.160)
 smtp.mailfrom=nvidia.com;
 dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=nvidia.com;
Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates
 216.228.117.160 as permitted sender) receiver=protection.outlook.com;
 client-ip=216.228.117.160; helo=mail.nvidia.com; pr=C
Received: from mail.nvidia.com (216.228.117.160) by
 CO1NAM11FT006.mail.protection.outlook.com (10.13.174.246) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.6411.17 via Frontend Transport; Tue, 16 May 2023 23:00:23 +0000
Received: from rnnvmail204.nvidia.com (10.129.68.6) by mail.nvidia.com
 (10.129.200.66) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.5; Tue, 16 May 2023
 16:00:09 -0700
Received: from rnnvmail204.nvidia.com (10.129.68.6) by rnnvmail204.nvidia.com
 (10.129.68.6) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37; Tue, 16 May
 2023 16:00:09 -0700
Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com
 (10.129.68.6) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37 via Frontend
 Transport; Tue, 16 May 2023 16:00:08 -0700
Received: from sw-mtx-008.mtx.labs.mlnx. (sw-mtx-008.mtx.labs.mlnx
 [10.9.150.35])
 by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 34GMxxSh019536;
 Wed, 17 May 2023 02:00:05 +0300
From: Tony Duan <yifeid@nvidia.com>
To: <kernel-team@lists.ubuntu.com>
Subject: [SRU][J:linux-bluefield][PATCH v2 03/10] netfilter: flowtable: allow
 unidirectional rules
Date: Tue, 16 May 2023 17:59:52 -0500
Message-ID: <1684277999-18029-4-git-send-email-yifeid@nvidia.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1684277999-18029-1-git-send-email-yifeid@nvidia.com>
References: <1684277999-18029-1-git-send-email-yifeid@nvidia.com>
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CO1NAM11FT006:EE_|SJ0PR12MB6735:EE_
X-MS-Office365-Filtering-Correlation-Id: 6a26d0d4-1dc7-4190-a436-08db56615483
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
 phgeosg3WTKb/Ku4/HVxr+80MM/MxO8tB8/PBOpBLQaC+qY8aiZwGn1h7tV/mVORyJ0JJMTy5dMC40+T3EO2yrWznHGwlQCAzfOgSKB7K18YqaO3gU6DPJsUF3CGyU4GvNx/vGe4fRGm2WgCpFpgGioX96C4y8DdmwWLQ7J8GaRbM8ssVFC2RABxERCR1kyWuXI9+RonpwBcYWiicD8EBaQXyyXUnerygxuJ+m8ZA82LB4KukdtM9NRwIvD1H7PNR9kVDK+oxUDKRvk26mxU5OlFDNbpF7RMH6ez2famalq63W3GGeFRe6CU52dQDl/Tyw1dScvDJ5fKiSDbkpuq4DKv+HTdFhunxA41Q4Q01nyQDii/SHMYauzYgqTcXy6Fp8gjsCy7M5wMzlqo8mXRqr1dhLzN0IGXox6sxGj3rrGQpFm6E+tMRMR5XFdqsC/QiLGK1FqHQM78yUzygvzd2RV37E+TIQeZpXHrrvew3S+pBzp3THcg9B46I+UQ1f++r8A7WTXW14gznDGBW8AUZQBjXorz85AJDKzJQIUCWlG8y2mtLpQPLR9wkKGvenfVGhuBTVKwIycPFpquJzwMoIpCY6O5gPTDWBUttkz2pOfwjDIBaOBtMKROZJRwMKTWof63TaB5QVrjdPpumVmehyqRIb8Yi8f59xqrZo/D8so0EziZvj4UJu/SQ3hLLYRQ81Pihsn9um/o+uFZSo0jglpYskj1nIYr087nvytrwUTvBsO0p3yc5gNkWEUZesKO+FNk03PlciFj5T8s8v2RvYSeaAWsfveMJmc6ghSIPUs=
X-Forefront-Antispam-Report: CIP:216.228.117.160; CTRY:US; LANG:en; SCL:1;
 SRV:;
 IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge1.nvidia.com; CAT:NONE;
 SFS:(13230028)(4636009)(396003)(346002)(136003)(376002)(39860400002)(451199021)(36840700001)(40470700004)(46966006)(36756003)(2906002)(40460700003)(356005)(7636003)(316002)(5660300002)(8676002)(8936002)(82310400005)(41300700001)(40480700001)(36860700001)(6666004)(478600001)(336012)(26005)(186003)(86362001)(2616005)(966005)(6916009)(47076005)(4326008)(70586007)(83380400001)(70206006)(82740400003)(54906003);
 DIR:OUT; SFP:1101;
X-OriginatorOrg: Nvidia.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 May 2023 23:00:23.1693 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 6a26d0d4-1dc7-4190-a436-08db56615483
X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.160];
 Helo=[mail.nvidia.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 CO1NAM11FT006.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR12MB6735
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Cc: bodong@nvidia.com, vlad@nvidia.com, cascardo@canonical.com,
 dann.frazier@canonical.com
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

From: Vlad Buslov <vladbu@nvidia.com>

BugLink: https://bugs.launchpad.net/bugs/2019264

Modify flow table offload to support unidirectional connections by
extending enum nf_flow_flags with new "NF_FLOW_HW_BIDIRECTIONAL" flag. Only
offload reply direction when the flag is set. This infrastructure change is
necessary to support offloading UDP NEW connections in original direction
in following patches in series.

Signed-off-by: Vlad Buslov <vladbu@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 8f84780b84d645d6e35467f4a6f3236b20d7f4b2)
Signed-off-by: Paul Blakey <paulb@nvidia.com>
Signed-off-by: Tony Duan <yifeid@nvidia.com>
---
 include/net/netfilter/nf_flow_table.h |  1 +
 net/netfilter/nf_flow_table_offload.c | 12 ++++++++----
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h
index 9c93e49..aa50136 100644
--- a/include/net/netfilter/nf_flow_table.h
+++ b/include/net/netfilter/nf_flow_table.h
@@ -164,6 +164,7 @@ enum nf_flow_flags {
 	NF_FLOW_HW_DYING,
 	NF_FLOW_HW_DEAD,
 	NF_FLOW_HW_PENDING,
+	NF_FLOW_HW_BIDIRECTIONAL,
 };
 
 enum flow_offload_type {
diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c
index fdbc9fb..2e93a36 100644
--- a/net/netfilter/nf_flow_table_offload.c
+++ b/net/netfilter/nf_flow_table_offload.c
@@ -886,8 +886,9 @@ static int flow_offload_rule_add(struct flow_offload_work *offload,
 
 	ok_count += flow_offload_tuple_add(offload, flow_rule[0],
 					   FLOW_OFFLOAD_DIR_ORIGINAL);
-	ok_count += flow_offload_tuple_add(offload, flow_rule[1],
-					   FLOW_OFFLOAD_DIR_REPLY);
+	if (test_bit(NF_FLOW_HW_BIDIRECTIONAL, &offload->flow->flags))
+		ok_count += flow_offload_tuple_add(offload, flow_rule[1],
+						   FLOW_OFFLOAD_DIR_REPLY);
 	if (ok_count == 0)
 		return -ENOENT;
 
@@ -917,7 +918,8 @@ static void flow_offload_work_del(struct flow_offload_work *offload)
 {
 	clear_bit(IPS_HW_OFFLOAD_BIT, &offload->flow->ct->status);
 	flow_offload_tuple_del(offload, FLOW_OFFLOAD_DIR_ORIGINAL);
-	flow_offload_tuple_del(offload, FLOW_OFFLOAD_DIR_REPLY);
+	if (test_bit(NF_FLOW_HW_BIDIRECTIONAL, &offload->flow->flags))
+		flow_offload_tuple_del(offload, FLOW_OFFLOAD_DIR_REPLY);
 	set_bit(NF_FLOW_HW_DEAD, &offload->flow->flags);
 }
 
@@ -936,7 +938,9 @@ static void flow_offload_work_stats(struct flow_offload_work *offload)
 	u64 lastused;
 
 	flow_offload_tuple_stats(offload, FLOW_OFFLOAD_DIR_ORIGINAL, &stats[0]);
-	flow_offload_tuple_stats(offload, FLOW_OFFLOAD_DIR_REPLY, &stats[1]);
+	if (test_bit(NF_FLOW_HW_BIDIRECTIONAL, &offload->flow->flags))
+		flow_offload_tuple_stats(offload, FLOW_OFFLOAD_DIR_REPLY,
+					 &stats[1]);
 
 	lastused = max_t(u64, stats[0].lastused, stats[1].lastused);
 	offload->flow->timeout = max_t(u64, offload->flow->timeout,

From patchwork Tue May 16 22:59:53 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tony Duan <yifeid@nvidia.com>
X-Patchwork-Id: 1782374
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com
 (client-ip=91.189.94.19; helo=huckleberry.canonical.com;
 envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=Nvidia.com header.i=@Nvidia.com header.a=rsa-sha256
 header.s=selector2 header.b=lmazOb6W;
	dkim-atps=neutral
Received: from huckleberry.canonical.com (huckleberry.canonical.com
 [91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4QLWtL4JcCz20dn
	for <incoming@patchwork.ozlabs.org>; Wed, 17 May 2023 09:00:42 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1pz3ej-0008Re-4E; Tue, 16 May 2023 23:00:33 +0000
Received: from mail-dm6nam12on2041.outbound.protection.outlook.com
 ([40.107.243.41] helo=NAM12-DM6-obe.outbound.protection.outlook.com)
 by huckleberry.canonical.com with esmtps
 (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2)
 (envelope-from <yifeid@nvidia.com>) id 1pz3eg-0008Mr-7B
 for kernel-team@lists.ubuntu.com; Tue, 16 May 2023 23:00:30 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=j/dziNHPmzT8WXY1X1FkSjDSM+taCEpo9dfP8hgYGwkhp4+Y7glQAeVrKStQWZh0u2EppsbKsCUOtmfsD6CeAbIZLI9t7KH5q/fkQrzDw4Q5Fa/JlagVTv/qnNDVxCFdGm5M5J/yYkpqcwZ9ucjPul8KpT6gWeSUYjIw22fewCJ6jDkbDS2DezyTjZ5GGWlorKk3HPX4y5dppvYKcLfzRSiHb2+zqz0vRswaW3ZP+N7vw3/vicbQ6EwKW5gOJ2kdwxl/JVZ+4H0GrC1cqOjL78xuEZCUzLAhoxUsmua7PxIvdWRE5FV5NmklX7fZu8b+Loeti+xjMpo8sECdhj4ZCg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=zJTB+sB1yoQV/bhIj76R8vq7HgJuHEumtDU0nMCRMfE=;
 b=YRTrDWqxDfM2WE4ih3J66Z4WlCKIzoa2zsyN0dFdkFSR+19ZIUmU6uxzsJwuNwqe9MUcCBoj8v4C+Qwj08kLvo9pmgjhDuDOuF/ss9ExzftY7FWfb9ud+ZjtonMLwQUCnUOwnGh6bZOl48v23vBe2uw9dmzpUe+PZ89HHMgDj7tDA0hFlXKGhCO9+xwZsy9IPuTc6j/mTWSUp1GkMmBDSdQah9S8chyOQbTHssmWoESFUtFoBF2UJyrQOhisdUnc7yYJnZX3RG9TCmqNYtgwx04zwOm4r/0i0jznn4etcUIImme27rPz/4NI9X/aXYeHRik8uQ6ikeiNyme+BcJgYw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 216.228.117.160) smtp.rcpttodomain=canonical.com smtp.mailfrom=nvidia.com;
 dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com;
 dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com;
 s=selector2;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=zJTB+sB1yoQV/bhIj76R8vq7HgJuHEumtDU0nMCRMfE=;
 b=lmazOb6WrO+kjZs8vj/kNnClBQU2jd/59/pQJ2lj4DY9afWw+s6Hc96uEjBQ4u1umL6jWnDRLSDUHoEBesy3n5EUVV18noR9Gsvoj0ay1evMXQzVlzrhzoLlW9pbrCh9QAgyAJR0HspOJp06lZ9vwZyDCTdnZKTkYSxWwEZevwf7rR6eWBZ3MEDkWHvLLXIyWIw9zbRN6Ued2e6b1Y2VZ7z3SCsgR0FRkisz4VlPgkKhU4Bxe9rhXcgspx+8goMsycMyYmtxxvT7fbQeKX+k7ZSQZqA/CkINpqovvagAvmCGxxaDbAbdfvcm/SYsKhuP1tpI+UPPLT7MbQ6gQ1Xtow==
Received: from MW4PR03CA0093.namprd03.prod.outlook.com (2603:10b6:303:b7::8)
 by DS7PR12MB8324.namprd12.prod.outlook.com (2603:10b6:8:ec::9) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.6387.30; Tue, 16 May 2023 23:00:25 +0000
Received: from CO1NAM11FT036.eop-nam11.prod.protection.outlook.com
 (2603:10b6:303:b7:cafe::27) by MW4PR03CA0093.outlook.office365.com
 (2603:10b6:303:b7::8) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6387.33 via Frontend
 Transport; Tue, 16 May 2023 23:00:24 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.160)
 smtp.mailfrom=nvidia.com;
 dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=nvidia.com;
Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates
 216.228.117.160 as permitted sender) receiver=protection.outlook.com;
 client-ip=216.228.117.160; helo=mail.nvidia.com; pr=C
Received: from mail.nvidia.com (216.228.117.160) by
 CO1NAM11FT036.mail.protection.outlook.com (10.13.174.124) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.6411.15 via Frontend Transport; Tue, 16 May 2023 23:00:24 +0000
Received: from rnnvmail202.nvidia.com (10.129.68.7) by mail.nvidia.com
 (10.129.200.66) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.5; Tue, 16 May 2023
 16:00:10 -0700
Received: from rnnvmail205.nvidia.com (10.129.68.10) by rnnvmail202.nvidia.com
 (10.129.68.7) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37; Tue, 16 May
 2023 16:00:10 -0700
Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com
 (10.129.68.10) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37 via Frontend
 Transport; Tue, 16 May 2023 16:00:09 -0700
Received: from sw-mtx-008.mtx.labs.mlnx. (sw-mtx-008.mtx.labs.mlnx
 [10.9.150.35])
 by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 34GMxxSi019536;
 Wed, 17 May 2023 02:00:06 +0300
From: Tony Duan <yifeid@nvidia.com>
To: <kernel-team@lists.ubuntu.com>
Subject: [SRU][J:linux-bluefield][PATCH v2 04/10] netfilter: flowtable: cache
 info of last offload
Date: Tue, 16 May 2023 17:59:53 -0500
Message-ID: <1684277999-18029-5-git-send-email-yifeid@nvidia.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1684277999-18029-1-git-send-email-yifeid@nvidia.com>
References: <1684277999-18029-1-git-send-email-yifeid@nvidia.com>
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CO1NAM11FT036:EE_|DS7PR12MB8324:EE_
X-MS-Office365-Filtering-Correlation-Id: e49c2f07-ddaa-462d-affe-08db56615545
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
 ZkBEA1GMekYV0PN3MQ3jnj83wXMXfOwSatP0q4u4qZHnAFClyIvxXQ0pEGANdXjMXsoqWP3/GfBbXquL1wNjcFuIPBgFrWY2kIXSIiLbRlqRQNfvZ+VeXEVPxi3k4eEKnxMxhNPjo9jAJVMvIkAlP5jPB3q1xQt+o1qHafw65WJkvQ+9LVtOVF/qmMS65Bi654qS5uJMbuwzNPpuVrMJuwK7cYg05wOa2chqhxb1WYXbF4F5f6QKQsIFlk1mNk2bYkAB098rZAfcJSxjR8R5oaHm5eu+ar+99gwaR41v1tJgYGHl9r3ptDJUZnfvGVZeUeYxGVH55tUTGRGEHxH+VnLQq5ZY3pMTaLvSxZlxkyxu1Jj+10d9Xx9uFgnNn3LS6DlW8Uvfy9dCFF2Bs5ZaAwuk9XmzYlJSb/dEHIxVrflKX2/lfe57jX0vhmVkyU5GpPdHrEeFIWp4AeK6ImzjvjtqdO/VFk5U2l8wBzgFV4lGWZM3riJhB6ABvQybyifon6/xDxzPvLgy0HdAUS5+Gjo9sZwNgZvMf+gy2bLn591seCDfhH3BCTAn2vk4CRSHX7NzU3UzK5uFMvnH3q2ZmMxgJ37fGSvZf6nODF91FLxaRPXQux/V8wNCJPLIqnIHRQDhiNmHzXLwZ3CMKdf9rAqjDxZyFC3ucax7hcfhM2NWQRxPxRV82dZeu6poftO0cYBYlmUCSL7juZtdvIeP9OAwr6nE9SIR/+ZvR16soSzBALsMnOeLMqpED5ZXuwISLuCksVfSsDCrJi7GwaHVJw==
X-Forefront-Antispam-Report: CIP:216.228.117.160; CTRY:US; LANG:en; SCL:1;
 SRV:;
 IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge1.nvidia.com; CAT:NONE;
 SFS:(13230028)(4636009)(376002)(136003)(396003)(346002)(39860400002)(451199021)(46966006)(36840700001)(40470700004)(40460700003)(54906003)(478600001)(5660300002)(8936002)(8676002)(2906002)(36756003)(86362001)(82310400005)(7636003)(6916009)(82740400003)(4326008)(70586007)(70206006)(356005)(316002)(40480700001)(47076005)(41300700001)(966005)(36860700001)(186003)(2616005)(26005)(83380400001)(336012)(6666004);
 DIR:OUT; SFP:1101;
X-OriginatorOrg: Nvidia.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 May 2023 23:00:24.4566 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 e49c2f07-ddaa-462d-affe-08db56615545
X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.160];
 Helo=[mail.nvidia.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 CO1NAM11FT036.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR12MB8324
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Cc: bodong@nvidia.com, vlad@nvidia.com, cascardo@canonical.com,
 dann.frazier@canonical.com
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

From: Vlad Buslov <vladbu@nvidia.com>

BugLink: https://bugs.launchpad.net/bugs/2019264

Modify flow table offload to cache the last ct info status that was passed
to the driver offload callbacks by extending enum nf_flow_flags with new
"NF_FLOW_HW_ESTABLISHED" flag. Set the flag if ctinfo was 'established'
during last act_ct meta actions fill call. This infrastructure change is
necessary to optimize promoting of UDP connections from 'new' to
'established' in following patches in this series.

Signed-off-by: Vlad Buslov <vladbu@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 1a441a9b8be8849957a01413a144f84932c324cb)
Signed-off-by: Paul Blakey <paulb@nvidia.com>
Signed-off-by: Tony Duan <yifeid@nvidia.com>
---
 include/net/netfilter/nf_flow_table.h |  7 ++++---
 net/netfilter/nf_flow_table_inet.c    |  2 +-
 net/netfilter/nf_flow_table_offload.c |  6 +++---
 net/sched/act_ct.c                    | 12 +++++++-----
 4 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h
index aa50136..52418d2 100644
--- a/include/net/netfilter/nf_flow_table.h
+++ b/include/net/netfilter/nf_flow_table.h
@@ -57,7 +57,7 @@ struct nf_flowtable_type {
 						 struct net_device *dev,
 						 enum flow_block_command cmd);
 	int				(*action)(struct net *net,
-						  const struct flow_offload *flow,
+						  struct flow_offload *flow,
 						  enum flow_offload_tuple_dir dir,
 						  struct nf_flow_rule *flow_rule);
 	void				(*free)(struct nf_flowtable *ft);
@@ -165,6 +165,7 @@ enum nf_flow_flags {
 	NF_FLOW_HW_DEAD,
 	NF_FLOW_HW_PENDING,
 	NF_FLOW_HW_BIDIRECTIONAL,
+	NF_FLOW_HW_ESTABLISHED,
 };
 
 enum flow_offload_type {
@@ -313,10 +314,10 @@ void nf_flow_offload_stats(struct nf_flowtable *flowtable,
 int nf_flow_table_offload_setup(struct nf_flowtable *flowtable,
 				struct net_device *dev,
 				enum flow_block_command cmd);
-int nf_flow_rule_route_ipv4(struct net *net, const struct flow_offload *flow,
+int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow,
 			    enum flow_offload_tuple_dir dir,
 			    struct nf_flow_rule *flow_rule);
-int nf_flow_rule_route_ipv6(struct net *net, const struct flow_offload *flow,
+int nf_flow_rule_route_ipv6(struct net *net, struct flow_offload *flow,
 			    enum flow_offload_tuple_dir dir,
 			    struct nf_flow_rule *flow_rule);
 
diff --git a/net/netfilter/nf_flow_table_inet.c b/net/netfilter/nf_flow_table_inet.c
index 280fdd3..30e58b5 100644
--- a/net/netfilter/nf_flow_table_inet.c
+++ b/net/netfilter/nf_flow_table_inet.c
@@ -39,7 +39,7 @@
 }
 
 static int nf_flow_rule_route_inet(struct net *net,
-				   const struct flow_offload *flow,
+				   struct flow_offload *flow,
 				   enum flow_offload_tuple_dir dir,
 				   struct nf_flow_rule *flow_rule)
 {
diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c
index 2e93a36..a051046 100644
--- a/net/netfilter/nf_flow_table_offload.c
+++ b/net/netfilter/nf_flow_table_offload.c
@@ -672,7 +672,7 @@ static void flow_offload_decap_tunnel(const struct flow_offload *flow,
 	return 0;
 }
 
-int nf_flow_rule_route_ipv4(struct net *net, const struct flow_offload *flow,
+int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow,
 			    enum flow_offload_tuple_dir dir,
 			    struct nf_flow_rule *flow_rule)
 {
@@ -697,7 +697,7 @@ int nf_flow_rule_route_ipv4(struct net *net, const struct flow_offload *flow,
 }
 EXPORT_SYMBOL_GPL(nf_flow_rule_route_ipv4);
 
-int nf_flow_rule_route_ipv6(struct net *net, const struct flow_offload *flow,
+int nf_flow_rule_route_ipv6(struct net *net, struct flow_offload *flow,
 			    enum flow_offload_tuple_dir dir,
 			    struct nf_flow_rule *flow_rule)
 {
@@ -728,7 +728,7 @@ int nf_flow_rule_route_ipv6(struct net *net, const struct flow_offload *flow,
 {
 	const struct nf_flowtable *flowtable = offload->flowtable;
 	const struct flow_offload_tuple *tuple, *other_tuple;
-	const struct flow_offload *flow = offload->flow;
+	struct flow_offload *flow = offload->flow;
 	struct dst_entry *other_dst = NULL;
 	struct nf_flow_rule *flow_rule;
 	int err = -ENOMEM;
diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
index 31e3570..eb26f27 100644
--- a/net/sched/act_ct.c
+++ b/net/sched/act_ct.c
@@ -174,11 +174,11 @@ static void tcf_ct_add_mangle_action(struct flow_action *action,
 
 static void tcf_ct_flow_table_add_action_meta(struct nf_conn *ct,
 					      enum ip_conntrack_dir dir,
+					      enum ip_conntrack_info ctinfo,
 					      struct flow_action *action)
 {
 	struct nf_conn_labels *ct_labels;
 	struct flow_action_entry *entry;
-	enum ip_conntrack_info ctinfo;
 	u32 *act_ct_labels;
 
 	entry = tcf_ct_flow_table_flow_action_get_next(action);
@@ -186,8 +186,6 @@ static void tcf_ct_flow_table_add_action_meta(struct nf_conn *ct,
 #if IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)
 	entry->ct_metadata.mark = READ_ONCE(ct->mark);
 #endif
-	ctinfo = dir == IP_CT_DIR_ORIGINAL ? IP_CT_ESTABLISHED :
-					     IP_CT_ESTABLISHED_REPLY;
 	/* aligns with the CT reference on the SKB nf_ct_set */
 	entry->ct_metadata.cookie = (unsigned long)ct | ctinfo;
 	entry->ct_metadata.orig_dir = dir == IP_CT_DIR_ORIGINAL;
@@ -241,22 +239,26 @@ static int tcf_ct_flow_table_add_action_nat(struct net *net,
 }
 
 static int tcf_ct_flow_table_fill_actions(struct net *net,
-					  const struct flow_offload *flow,
+					  struct flow_offload *flow,
 					  enum flow_offload_tuple_dir tdir,
 					  struct nf_flow_rule *flow_rule)
 {
 	struct flow_action *action = &flow_rule->rule->action;
 	int num_entries = action->num_entries;
 	struct nf_conn *ct = flow->ct;
+	enum ip_conntrack_info ctinfo;
 	enum ip_conntrack_dir dir;
 	int i, err;
 
 	switch (tdir) {
 	case FLOW_OFFLOAD_DIR_ORIGINAL:
 		dir = IP_CT_DIR_ORIGINAL;
+		ctinfo = IP_CT_ESTABLISHED;
+		set_bit(NF_FLOW_HW_ESTABLISHED, &flow->flags);
 		break;
 	case FLOW_OFFLOAD_DIR_REPLY:
 		dir = IP_CT_DIR_REPLY;
+		ctinfo = IP_CT_ESTABLISHED_REPLY;
 		break;
 	default:
 		return -EOPNOTSUPP;
@@ -266,7 +268,7 @@ static int tcf_ct_flow_table_fill_actions(struct net *net,
 	if (err)
 		goto err_nat;
 
-	tcf_ct_flow_table_add_action_meta(ct, dir, action);
+	tcf_ct_flow_table_add_action_meta(ct, dir, ctinfo, action);
 	return 0;
 
 err_nat:

From patchwork Tue May 16 22:59:54 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tony Duan <yifeid@nvidia.com>
X-Patchwork-Id: 1782375
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com
 (client-ip=91.189.94.19; helo=huckleberry.canonical.com;
 envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=Nvidia.com header.i=@Nvidia.com header.a=rsa-sha256
 header.s=selector2 header.b=s321qQ/o;
	dkim-atps=neutral
Received: from huckleberry.canonical.com (huckleberry.canonical.com
 [91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4QLWtN230Gz20dn
	for <incoming@patchwork.ozlabs.org>; Wed, 17 May 2023 09:00:44 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1pz3ek-0008TA-IV; Tue, 16 May 2023 23:00:34 +0000
Received: from mail-dm6nam11on2068.outbound.protection.outlook.com
 ([40.107.223.68] helo=NAM11-DM6-obe.outbound.protection.outlook.com)
 by huckleberry.canonical.com with esmtps
 (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2)
 (envelope-from <yifeid@nvidia.com>) id 1pz3ei-0008Pj-HC
 for kernel-team@lists.ubuntu.com; Tue, 16 May 2023 23:00:32 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=bxRQWhd06HYUtau5/E31/LqXoFU3kijGrVXqdO4UtEUT6r7agsGgUQ5Qa0jwAo4D6uRS+9w2UkKbjlHzdWNXXwoxLfdvlHx5RqVTu1T2sYpUSUUL8RjA62jSYDibJSshLpBh3EQFLPBzYvmsf7fr3drDjNcMzxLPm0nG1RP0tEOJ4uIOhipPIenBwsjQGRC7tcxsI0pBFb9xTacup9yXYR/vTY0+vzVNvyMNdz6SIETGlcoZUixDrY1O4TTOSmCeGDnUHHzo2Ci86BbCo0RXBkdNp3OFjNmBLrZuJ92DoCf7CKjUFUIUThgbIuAFmYihlMub2AmwQSPvSGB6nh6BaQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=OayDsd5HZqorCyxVH4LCG7Vvk/nXxlB1nyPglz7WiGg=;
 b=WxuBFny2BfY4e/+715SEKtkIXb7iOCAG83ATYIlM0fnavOd/zHGP/lELEbgcc6XLNPHjMO6i3gyb2ozPJX9yDwLU5jH88KcCYy6MJcDqd67J4wRh773QBdzF4GEmBb4btreKAUd/BBENKKk4r6uvgXPtW+9Ck9kHdYucg/kMpV3IJ0McZF6u2uWMLUbfT84/CKUJZX+N9RpeB0leHFG3XNCzTlXaPQ0Dm/bQFuOEI46DeDVwNt0Wm8WoZ9waq61h3jQ0B3pXyDfCDGbVRtVKOH05EhFR960APfTNIqQOuVlYdhkdKhqVkrxhaC+F0LXMZ26tR/xuqsaasiqAmq5ySw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 216.228.117.161) smtp.rcpttodomain=canonical.com smtp.mailfrom=nvidia.com;
 dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com;
 dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com;
 s=selector2;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=OayDsd5HZqorCyxVH4LCG7Vvk/nXxlB1nyPglz7WiGg=;
 b=s321qQ/o4YYdRppJRxLozskej34KnPAJAHM3gt2y3AE18fM4bIkA9PWSFc0SWTWqHIcprS8tVKmyNs5McQOGaJQV8yXV4ny7Y/gAMgqLrOEncH+6udMpSg9yzA+GbTzr5It/00r9OQLh2wFYwh4BxvZUhAkfIBRYUKyk4b17w/ABjyxT11J+u8GzBxSvOfV4sI7Zmm6HV046JIof5J1wpCueh7VL9E/NQhTOGx+Weft26z69arvPnN9aJw0BwFpjZj9r7rInBsuOmyL5dLNgs3oxF1qpmyDYOlWfXgoJevFRED3eV37SyKsyTfpI5P6Ie4mRTJbPVX+5jPjRRllNEQ==
Received: from DM6PR11CA0055.namprd11.prod.outlook.com (2603:10b6:5:14c::32)
 by SN7PR12MB6765.namprd12.prod.outlook.com (2603:10b6:806:26b::18) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6387.30; Tue, 16 May
 2023 23:00:30 +0000
Received: from DM6NAM11FT072.eop-nam11.prod.protection.outlook.com
 (2603:10b6:5:14c:cafe::6d) by DM6PR11CA0055.outlook.office365.com
 (2603:10b6:5:14c::32) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6387.33 via Frontend
 Transport; Tue, 16 May 2023 23:00:30 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161)
 smtp.mailfrom=nvidia.com;
 dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=nvidia.com;
Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates
 216.228.117.161 as permitted sender) receiver=protection.outlook.com;
 client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C
Received: from mail.nvidia.com (216.228.117.161) by
 DM6NAM11FT072.mail.protection.outlook.com (10.13.173.181) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.6411.15 via Frontend Transport; Tue, 16 May 2023 23:00:29 +0000
Received: from rnnvmail202.nvidia.com (10.129.68.7) by mail.nvidia.com
 (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.5; Tue, 16 May 2023
 16:00:12 -0700
Received: from rnnvmail205.nvidia.com (10.129.68.10) by rnnvmail202.nvidia.com
 (10.129.68.7) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37; Tue, 16 May
 2023 16:00:11 -0700
Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com
 (10.129.68.10) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37 via Frontend
 Transport; Tue, 16 May 2023 16:00:11 -0700
Received: from sw-mtx-008.mtx.labs.mlnx. (sw-mtx-008.mtx.labs.mlnx
 [10.9.150.35])
 by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 34GMxxSj019536;
 Wed, 17 May 2023 02:00:08 +0300
From: Tony Duan <yifeid@nvidia.com>
To: <kernel-team@lists.ubuntu.com>
Subject: [SRU][J:linux-bluefield][PATCH v2 05/10] net/sched: act_ct: set
 ctinfo in meta action depending on ct state
Date: Tue, 16 May 2023 17:59:54 -0500
Message-ID: <1684277999-18029-6-git-send-email-yifeid@nvidia.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1684277999-18029-1-git-send-email-yifeid@nvidia.com>
References: <1684277999-18029-1-git-send-email-yifeid@nvidia.com>
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DM6NAM11FT072:EE_|SN7PR12MB6765:EE_
X-MS-Office365-Filtering-Correlation-Id: 26a10c26-a673-4268-8fd7-08db5661586e
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
 GIwdNPemv4VG+Q1NUUnqABLy5XbyMhDS2McvFiWYJRA7+dnOHymiAC8odmuI1Wc9uo9Nvy/kXBl8H16FF4lTsqGJr4AsKGs143hKhnbdVsIwEsMNNTzP9jOGm/Qzz9sytYRxi9BAhDB4UyDKPhhv3ylWq71H1B8ohOComLC/T1S7f4Y8CAlLSHZK6rksUyUGfYPLnzpgWd29T2R3poKjdN6Bct3LK7ziRo0B13GgSZ4OD5cw6ZOL8pF1I7DKL+kWa75zdbSy0NhReJbO0cRI012ygiqVQT0vtNnC3k8CKiaa4zj7B8l2dmbtqPT3mIFzCUJ6/co1EEZ73nahOrzBvAnI+XuqNlDj877ZLA37+lwpmlXTAGmo/QAB16zpvyHMW6FAu1aCKfuVWZi32lPu7lqcR3F7BqK+mganqYYzHZZccDK28+h/sQssjxLeF5cCgdt8lA27vcLbb3boEjB928WQgbJjG1KtNamylzC2/Bb6DIyvIC0Dr+wXu/xxr0M11voaVOGBwmNvyVNWy6//EOuoTOAQ8oQqOgJrIYRYR8rxjb89VnLAmuYbI4hXUha9FOSwd3FU40SGVo1GNDqcSaxvKvMPE4AQCq4S9ZVZpBTh4pnSkUo5wNpuVl3XNgDguTh6OZBW70/dtl5eyhK7JD7prOr+7YjBuHGAc8NLM3M2qk15+DL9dfqjCnKT4v13MNh6QNcd7mUzWAZFxYxcsceOKDvE7qsGtHRwhMp0X/GvjILjQcHNXj2hbIFPNN4BAlOG52KlQoieGdjUvDmFuJiBaKkLlEzXNIwV8+hFx0M=
X-Forefront-Antispam-Report: CIP:216.228.117.161; CTRY:US; LANG:en; SCL:1;
 SRV:;
 IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge2.nvidia.com; CAT:NONE;
 SFS:(13230028)(4636009)(376002)(396003)(136003)(346002)(39860400002)(451199021)(36840700001)(46966006)(40470700004)(478600001)(54906003)(40460700003)(8936002)(8676002)(2906002)(86362001)(36756003)(70206006)(6916009)(4326008)(82740400003)(316002)(5660300002)(82310400005)(40480700001)(70586007)(7636003)(356005)(41300700001)(83380400001)(26005)(36860700001)(336012)(186003)(2616005)(966005)(6666004)(47076005);
 DIR:OUT; SFP:1101;
X-OriginatorOrg: Nvidia.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 May 2023 23:00:29.7108 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 26a10c26-a673-4268-8fd7-08db5661586e
X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.161];
 Helo=[mail.nvidia.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 DM6NAM11FT072.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR12MB6765
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Cc: bodong@nvidia.com, vlad@nvidia.com, cascardo@canonical.com,
 dann.frazier@canonical.com
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

From: Vlad Buslov <vladbu@nvidia.com>

BugLink: https://bugs.launchpad.net/bugs/2019264

Currently tcf_ct_flow_table_fill_actions() function assumes that only
established connections can be offloaded and always sets ctinfo to either
IP_CT_ESTABLISHED or IP_CT_ESTABLISHED_REPLY strictly based on direction
without checking actual connection state. To enable UDP NEW connection
offload set the ctinfo, metadata cookie and NF_FLOW_HW_ESTABLISHED
flow_offload flags bit based on ct->status value.

Signed-off-by: Vlad Buslov <vladbu@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit d5774cb6c55c8721c2daf57cc5e5345e3af286ea)
Signed-off-by: Paul Blakey <paulb@nvidia.com>
Signed-off-by: Tony Duan <yifeid@nvidia.com>
---
 net/sched/act_ct.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
index eb26f27..1c21743 100644
--- a/net/sched/act_ct.c
+++ b/net/sched/act_ct.c
@@ -253,8 +253,10 @@ static int tcf_ct_flow_table_fill_actions(struct net *net,
 	switch (tdir) {
 	case FLOW_OFFLOAD_DIR_ORIGINAL:
 		dir = IP_CT_DIR_ORIGINAL;
-		ctinfo = IP_CT_ESTABLISHED;
-		set_bit(NF_FLOW_HW_ESTABLISHED, &flow->flags);
+		ctinfo = test_bit(IPS_SEEN_REPLY_BIT, &ct->status) ?
+			IP_CT_ESTABLISHED : IP_CT_NEW;
+		if (ctinfo == IP_CT_ESTABLISHED)
+			set_bit(NF_FLOW_HW_ESTABLISHED, &flow->flags);
 		break;
 	case FLOW_OFFLOAD_DIR_REPLY:
 		dir = IP_CT_DIR_REPLY;

From patchwork Tue May 16 22:59:55 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tony Duan <yifeid@nvidia.com>
X-Patchwork-Id: 1782377
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com
 (client-ip=91.189.94.19; helo=huckleberry.canonical.com;
 envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=Nvidia.com header.i=@Nvidia.com header.a=rsa-sha256
 header.s=selector2 header.b=mdd0ESg4;
	dkim-atps=neutral
Received: from huckleberry.canonical.com (huckleberry.canonical.com
 [91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4QLWtW24G3z20dn
	for <incoming@patchwork.ozlabs.org>; Wed, 17 May 2023 09:00:51 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1pz3eq-0000BJ-Ub; Tue, 16 May 2023 23:00:41 +0000
Received: from mail-mw2nam04on2068.outbound.protection.outlook.com
 ([40.107.101.68] helo=NAM04-MW2-obe.outbound.protection.outlook.com)
 by huckleberry.canonical.com with esmtps
 (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2)
 (envelope-from <yifeid@nvidia.com>) id 1pz3el-0008Sr-8i
 for kernel-team@lists.ubuntu.com; Tue, 16 May 2023 23:00:35 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=BqwIs/9F/X/HayT7tMUzVhd+9AS4t/n2PAT4eo35+PTpXVvVVeuMLEW2C+UjLLmfVPVPfpyvigEkzm+bH2CKfEIBpfMxEIzwNX8KMo6INF470jaYSuDVFqJEB35LBJmtXFq7LbUCmM+Vsks5Dq7empRyKgVU+QmGW80L9N2TLJQvGvF2erjVTA9p5YY5pu9UB1b2gYAA/DLAXBdvl3VUgBTHc4/Bf2yRZ/6AK5clFjnTxbH/zdTWzLqDYGfyCvmU02uCO6xSQQz5g4J6mU/JdXAaYLQqxeE4ntinTZLjZ6q5uE+c1diSqdUJelG6s0vmD93P5eKYyFxegB7g3u5xQw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=5TfnRXW4xAp2KQpJpH4SxnxOLCFI7NKwC6Rd7YJ2JlE=;
 b=j67D6Hs/x3vzL4fkpVwlc5KjRx7e0d6zp5NmnFQm/qF/QHl+ConorWxf7y2ZNl/fPg61SZ44Zi1hKlw1EAp4Ky/yJHAVAqeyFx+5/1tv7S4MtAnSGI9J02mXv5a5HMVUjeuf5FiEtBT1BurWyM3ztyojaAsw97Lc+UOTRqGjoS/opjZvuDQf89jTL3y7wsTZFAgAvRc2K0PskS41cDTMAsp9uD5S3hubuOnQxTk3DoXNia7vO8rSFNUo3SBCEKCijXydCz3U6uNTHiX6w1aSzpmpNbRqvMAI26X+6DkmdpKkMe9sins6a6dRq7322DwpRc1aq25Uch4HZb9p/KFeCQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 216.228.117.161) smtp.rcpttodomain=canonical.com smtp.mailfrom=nvidia.com;
 dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com;
 dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com;
 s=selector2;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=5TfnRXW4xAp2KQpJpH4SxnxOLCFI7NKwC6Rd7YJ2JlE=;
 b=mdd0ESg4BAOeQrEHLiRD2jbgaw1OMJ+okF/fcyfth7H6rCrMckMXDkiZOu4cBjVvU5ysdyEkzlVaRRC41iNNWvQXcfuFStqv1ZcvoCFpralBGEaqFkxl6HElSWj1U/gEjmyIXgw1TMHYGSJ8RXyCFkvanHmhyfw+Y+RaeWnKJn1i6R6/mS0gYGg50Mzufq5ezOreZfYFkPUNur7hl4i/A9PR0d2b7mdHvM8IFcEB2tg3MEb+V3jN8vvwM5DRYLG/wxTOxb19aNdQ1o14Vf8/Vbhjw+RBEpGQXmA+uTBJyVZXa4gKppBhZCMliarqR3aldSJ7Wmf93Ub/A/cS2lX6/w==
Received: from DM6PR06CA0041.namprd06.prod.outlook.com (2603:10b6:5:54::18) by
 CH3PR12MB8904.namprd12.prod.outlook.com (2603:10b6:610:167::9) with
 Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.6387.32; Tue, 16 May 2023 23:00:31 +0000
Received: from DM6NAM11FT068.eop-nam11.prod.protection.outlook.com
 (2603:10b6:5:54:cafe::3e) by DM6PR06CA0041.outlook.office365.com
 (2603:10b6:5:54::18) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6387.33 via Frontend
 Transport; Tue, 16 May 2023 23:00:31 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161)
 smtp.mailfrom=nvidia.com;
 dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=nvidia.com;
Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates
 216.228.117.161 as permitted sender) receiver=protection.outlook.com;
 client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C
Received: from mail.nvidia.com (216.228.117.161) by
 DM6NAM11FT068.mail.protection.outlook.com (10.13.173.67) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.6411.15 via Frontend Transport; Tue, 16 May 2023 23:00:30 +0000
Received: from rnnvmail202.nvidia.com (10.129.68.7) by mail.nvidia.com
 (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.5; Tue, 16 May 2023
 16:00:13 -0700
Received: from rnnvmail205.nvidia.com (10.129.68.10) by rnnvmail202.nvidia.com
 (10.129.68.7) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37; Tue, 16 May
 2023 16:00:13 -0700
Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com
 (10.129.68.10) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37 via Frontend
 Transport; Tue, 16 May 2023 16:00:13 -0700
Received: from sw-mtx-008.mtx.labs.mlnx. (sw-mtx-008.mtx.labs.mlnx
 [10.9.150.35])
 by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 34GMxxSk019536;
 Wed, 17 May 2023 02:00:10 +0300
From: Tony Duan <yifeid@nvidia.com>
To: <kernel-team@lists.ubuntu.com>
Subject: [SRU][J:linux-bluefield][PATCH v2 06/10] netfilter: flowtable:
 Support GRE
Date: Tue, 16 May 2023 17:59:55 -0500
Message-ID: <1684277999-18029-7-git-send-email-yifeid@nvidia.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1684277999-18029-1-git-send-email-yifeid@nvidia.com>
References: <1684277999-18029-1-git-send-email-yifeid@nvidia.com>
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DM6NAM11FT068:EE_|CH3PR12MB8904:EE_
X-MS-Office365-Filtering-Correlation-Id: 29075d8b-7f75-4152-6165-08db5661592c
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
 ub3Shre4D3sx9ndSdjvZHVT74xglij330GgdqAkU446HHtkcyeUEozq9DRYB285mqy8016hy3iJUa7hCuf7grp4mhono15O4C9MFNbTyffvz1gyD+ZxMJ/HvaB94uQbZmXDPCpGdECosO19sGun7uOYa8EmgfEKnvuE/ZaR4cAzoNgZqXB5yh5dG2BNyAU8mi7HxfVbLFjh2cLoZywb37mfwH5aNMMnR3lP8Ji++EzmcQ9m40jKOE6dLKQkqwZ6Es/9YmmLpgSb1QASF8j0Zfp6zXRafVMU4fqFt+gKk4wCTTzpCnRYs1o+ZMTm+8wH2+tu19dbRBbMQdkt90xJUpMSffRCRIGZIjCIPGgvTobooMExVTl0RqYeTwTFb8f1H3McUhRIP5qGnkN9/tpST1XS6FaoDWZzX4VigO0qk5Rh8t0ARe1clysHAg788B2tfetA9q1VM4pbhXvTCG2uq86yMxtc+vAyIx/d8rIqdS+jBTWRrfI+E/ygHyqPHLGSZjGPQjZT1q+XDZezmKhUhh6RaYGyYQHChU/Vejnb8ShvgSJNXffAMd/onX1azbgHbB/wRcaSsXk9HE8ef1fnfpzVW4P2cguTihJeDsHNjehdSztx6F8/V1CAqyyKi/aVCQRdF1bWPdiqj4NIrDZCTAj4zSy5hyisvENy/6GuhsUP5mWYm27f6xZDiaUe9o4tkaF540AZMYOTa6ABqrBfWZPu6riX/MFaBCjQeTOaWsGORgtF0ikjviUKo6mcM40RX7YDPDX0Ur6+S12jDARQ+ZXHNgVcgmboEkeQmyDRO9Dk=
X-Forefront-Antispam-Report: CIP:216.228.117.161; CTRY:US; LANG:en; SCL:1;
 SRV:;
 IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge2.nvidia.com; CAT:NONE;
 SFS:(13230028)(4636009)(346002)(396003)(136003)(376002)(39860400002)(451199021)(36840700001)(40470700004)(46966006)(36756003)(86362001)(316002)(54906003)(70586007)(6916009)(70206006)(4326008)(478600001)(966005)(6666004)(2616005)(40480700001)(82310400005)(8936002)(2906002)(5660300002)(8676002)(41300700001)(356005)(82740400003)(7636003)(186003)(336012)(26005)(36860700001)(47076005)(83380400001)(40460700003);
 DIR:OUT; SFP:1101;
X-OriginatorOrg: Nvidia.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 May 2023 23:00:30.9548 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 29075d8b-7f75-4152-6165-08db5661592c
X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.161];
 Helo=[mail.nvidia.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 DM6NAM11FT068.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR12MB8904
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Cc: bodong@nvidia.com, vlad@nvidia.com, cascardo@canonical.com,
 dann.frazier@canonical.com
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

From: Toshiaki Makita <toshiaki.makita1@gmail.com>

BugLink: https://bugs.launchpad.net/bugs/2019264

Support GREv0 without NAT.

Signed-off-by: Toshiaki Makita <toshiaki.makita1@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 4e8d9584d154479d357327f76d4e49486915c9c9)
Signed-off-by: Tony Duan <yifeid@nvidia.com>
---
 net/netfilter/nf_flow_table_core.c    | 10 ++++--
 net/netfilter/nf_flow_table_ip.c      | 62 +++++++++++++++++++++++++++++------
 net/netfilter/nf_flow_table_offload.c | 22 +++++++++----
 net/netfilter/nft_flow_offload.c      | 13 ++++++++
 4 files changed, 88 insertions(+), 19 deletions(-)

diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c
index 946cdcc..30db728 100644
--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -39,8 +39,14 @@
 
 	ft->l3proto = ctt->src.l3num;
 	ft->l4proto = ctt->dst.protonum;
-	ft->src_port = ctt->src.u.tcp.port;
-	ft->dst_port = ctt->dst.u.tcp.port;
+
+	switch (ctt->dst.protonum) {
+	case IPPROTO_TCP:
+	case IPPROTO_UDP:
+		ft->src_port = ctt->src.u.tcp.port;
+		ft->dst_port = ctt->dst.u.tcp.port;
+		break;
+	}
 }
 
 struct flow_offload *flow_offload_alloc(struct nf_conn *ct)
diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c
index 2802646..b0abb36 100644
--- a/net/netfilter/nf_flow_table_ip.c
+++ b/net/netfilter/nf_flow_table_ip.c
@@ -170,6 +170,7 @@ static int nf_flow_tuple_ip(struct sk_buff *skb, const struct net_device *dev,
 	struct flow_ports *ports;
 	unsigned int thoff;
 	struct iphdr *iph;
+	u8 ipproto;
 
 	if (!pskb_may_pull(skb, sizeof(*iph) + offset))
 		return -1;
@@ -183,13 +184,19 @@ static int nf_flow_tuple_ip(struct sk_buff *skb, const struct net_device *dev,
 
 	thoff += offset;
 
-	switch (iph->protocol) {
+	ipproto = iph->protocol;
+	switch (ipproto) {
 	case IPPROTO_TCP:
 		*hdrsize = sizeof(struct tcphdr);
 		break;
 	case IPPROTO_UDP:
 		*hdrsize = sizeof(struct udphdr);
 		break;
+#ifdef CONFIG_NF_CT_PROTO_GRE
+	case IPPROTO_GRE:
+		*hdrsize = sizeof(struct gre_base_hdr);
+		break;
+#endif
 	default:
 		return -1;
 	}
@@ -200,15 +207,29 @@ static int nf_flow_tuple_ip(struct sk_buff *skb, const struct net_device *dev,
 	if (!pskb_may_pull(skb, thoff + *hdrsize))
 		return -1;
 
+	switch (ipproto) {
+	case IPPROTO_TCP:
+	case IPPROTO_UDP:
+		ports = (struct flow_ports *)(skb_network_header(skb) + thoff);
+		tuple->src_port		= ports->source;
+		tuple->dst_port		= ports->dest;
+		break;
+	case IPPROTO_GRE: {
+		struct gre_base_hdr *greh;
+
+		greh = (struct gre_base_hdr *)(skb_network_header(skb) + thoff);
+		if ((greh->flags & GRE_VERSION) != GRE_VERSION_0)
+			return -1;
+		break;
+	}
+	}
+
 	iph = (struct iphdr *)(skb_network_header(skb) + offset);
-	ports = (struct flow_ports *)(skb_network_header(skb) + thoff);
 
 	tuple->src_v4.s_addr	= iph->saddr;
 	tuple->dst_v4.s_addr	= iph->daddr;
-	tuple->src_port		= ports->source;
-	tuple->dst_port		= ports->dest;
 	tuple->l3proto		= AF_INET;
-	tuple->l4proto		= iph->protocol;
+	tuple->l4proto		= ipproto;
 	tuple->iifidx		= dev->ifindex;
 	nf_flow_tuple_encap(skb, tuple);
 
@@ -517,6 +538,7 @@ static int nf_flow_tuple_ipv6(struct sk_buff *skb, const struct net_device *dev,
 	struct flow_ports *ports;
 	struct ipv6hdr *ip6h;
 	unsigned int thoff;
+	u8 nexthdr;
 
 	thoff = sizeof(*ip6h) + offset;
 	if (!pskb_may_pull(skb, thoff))
@@ -524,13 +546,19 @@ static int nf_flow_tuple_ipv6(struct sk_buff *skb, const struct net_device *dev,
 
 	ip6h = (struct ipv6hdr *)(skb_network_header(skb) + offset);
 
-	switch (ip6h->nexthdr) {
+	nexthdr = ip6h->nexthdr;
+	switch (nexthdr) {
 	case IPPROTO_TCP:
 		*hdrsize = sizeof(struct tcphdr);
 		break;
 	case IPPROTO_UDP:
 		*hdrsize = sizeof(struct udphdr);
 		break;
+#ifdef CONFIG_NF_CT_PROTO_GRE
+	case IPPROTO_GRE:
+		*hdrsize = sizeof(struct gre_base_hdr);
+		break;
+#endif
 	default:
 		return -1;
 	}
@@ -541,15 +569,29 @@ static int nf_flow_tuple_ipv6(struct sk_buff *skb, const struct net_device *dev,
 	if (!pskb_may_pull(skb, thoff + *hdrsize))
 		return -1;
 
+	switch (nexthdr) {
+	case IPPROTO_TCP:
+	case IPPROTO_UDP:
+		ports = (struct flow_ports *)(skb_network_header(skb) + thoff);
+		tuple->src_port		= ports->source;
+		tuple->dst_port		= ports->dest;
+		break;
+	case IPPROTO_GRE: {
+		struct gre_base_hdr *greh;
+
+		greh = (struct gre_base_hdr *)(skb_network_header(skb) + thoff);
+		if ((greh->flags & GRE_VERSION) != GRE_VERSION_0)
+			return -1;
+		break;
+	}
+	}
+
 	ip6h = (struct ipv6hdr *)(skb_network_header(skb) + offset);
-	ports = (struct flow_ports *)(skb_network_header(skb) + thoff);
 
 	tuple->src_v6		= ip6h->saddr;
 	tuple->dst_v6		= ip6h->daddr;
-	tuple->src_port		= ports->source;
-	tuple->dst_port		= ports->dest;
 	tuple->l3proto		= AF_INET6;
-	tuple->l4proto		= ip6h->nexthdr;
+	tuple->l4proto		= nexthdr;
 	tuple->iifidx		= dev->ifindex;
 	nf_flow_tuple_encap(skb, tuple);
 
diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c
index a051046..8909e24 100644
--- a/net/netfilter/nf_flow_table_offload.c
+++ b/net/netfilter/nf_flow_table_offload.c
@@ -174,6 +174,7 @@ static int nf_flow_rule_match(struct nf_flow_match *match,
 		match->dissector.used_keys |= BIT(FLOW_DISSECTOR_KEY_TCP);
 		break;
 	case IPPROTO_UDP:
+	case IPPROTO_GRE:
 		break;
 	default:
 		return -EOPNOTSUPP;
@@ -182,15 +183,22 @@ static int nf_flow_rule_match(struct nf_flow_match *match,
 	key->basic.ip_proto = tuple->l4proto;
 	mask->basic.ip_proto = 0xff;
 
-	key->tp.src = tuple->src_port;
-	mask->tp.src = 0xffff;
-	key->tp.dst = tuple->dst_port;
-	mask->tp.dst = 0xffff;
-
 	match->dissector.used_keys |= BIT(FLOW_DISSECTOR_KEY_META) |
 				      BIT(FLOW_DISSECTOR_KEY_CONTROL) |
-				      BIT(FLOW_DISSECTOR_KEY_BASIC) |
-				      BIT(FLOW_DISSECTOR_KEY_PORTS);
+				      BIT(FLOW_DISSECTOR_KEY_BASIC);
+
+	switch (tuple->l4proto) {
+	case IPPROTO_TCP:
+	case IPPROTO_UDP:
+		key->tp.src = tuple->src_port;
+		mask->tp.src = 0xffff;
+		key->tp.dst = tuple->dst_port;
+		mask->tp.dst = 0xffff;
+
+		match->dissector.used_keys |= BIT(FLOW_DISSECTOR_KEY_PORTS);
+		break;
+	}
+
 	return 0;
 }
 
diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c
index aac6db8..a5e687a 100644
--- a/net/netfilter/nft_flow_offload.c
+++ b/net/netfilter/nft_flow_offload.c
@@ -304,6 +304,19 @@ static void nft_flow_offload_eval(const struct nft_expr *expr,
 		break;
 	case IPPROTO_UDP:
 		break;
+#ifdef CONFIG_NF_CT_PROTO_GRE
+	case IPPROTO_GRE: {
+		struct nf_conntrack_tuple *tuple;
+
+		if (ct->status & IPS_NAT_MASK)
+			goto out;
+		tuple = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
+		/* No support for GRE v1 */
+		if (tuple->src.u.gre.key || tuple->dst.u.gre.key)
+			goto out;
+		break;
+	}
+#endif
 	default:
 		goto out;
 	}

From patchwork Tue May 16 22:59:56 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tony Duan <yifeid@nvidia.com>
X-Patchwork-Id: 1782376
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com
 (client-ip=91.189.94.19; helo=huckleberry.canonical.com;
 envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=Nvidia.com header.i=@Nvidia.com header.a=rsa-sha256
 header.s=selector2 header.b=cICGzpdY;
	dkim-atps=neutral
Received: from huckleberry.canonical.com (huckleberry.canonical.com
 [91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4QLWtS6R6bz20dn
	for <incoming@patchwork.ozlabs.org>; Wed, 17 May 2023 09:00:48 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1pz3eo-00007U-M6; Tue, 16 May 2023 23:00:38 +0000
Received: from mail-co1nam11on2089.outbound.protection.outlook.com
 ([40.107.220.89] helo=NAM11-CO1-obe.outbound.protection.outlook.com)
 by huckleberry.canonical.com with esmtps
 (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2)
 (envelope-from <yifeid@nvidia.com>) id 1pz3el-0008Sn-5w
 for kernel-team@lists.ubuntu.com; Tue, 16 May 2023 23:00:35 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=Z7/hloJMJ14wltjcXzSBNHRHXDWvX/cxAM+8wgK255o6BvRwRxfrG1zqn4VMa1RWiGjvcGE4+zEw7f9eWLr8M5FlD1WD9Nu6M1ZUQxSqeXpwL55OL1J96FoMN2lrv0txptpUIe1umCx1FYXAAx7kDff8YOXNl/PneshSjoJxFnk8WkD6CzuWDbsSuxWHpTWxvZM05T5jZraOuRrGCiY9yYolIKES4v0vZWOZk01U1OV0QZPRdontSw4pe9AlMWs7A17MAfqwn5MNOBDe4hijnEKiiZeLQra9beLduxXOJv26I5cwl5HzAs8+/PgxVlphLkaVbb42JYWzUW9XW/PAwg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=gYXM3PEJkuC9QXY3wdMPm28OpoH9SR068STrNhosAAI=;
 b=mkeHxc5qwmLNNimR8+7XbfS/5/CDMUYIUkeCwzhfYYkaQHL4DA4MpKNIKqeSBrAbTlTWIb3vrLMWW2sgDL/92i0hZ3eZdQzbSWMIVG7VOUOWwSQcTx27jAL4BVs9DSCS0zgzXtRKiVnNfsRjv6gxQzozDoJga9djoJmB/Mf7D8pQOiXdE3Kvl2BzuVF1MGwAhPoB3oj22N8MTWu6azrZBpcJ4l/3Ce7N0M+NVk8G0HRsGINiJOV3QHTAoMzUKlVr241xx0gXJa3pj8GCKhTLXM3sgYMGfSqvPE543T8SsjntODeQ1CmWFIDQ/Fg6JNgOc1s7VgrLOA/2HGhVVtKGYw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 216.228.118.232) smtp.rcpttodomain=canonical.com smtp.mailfrom=nvidia.com;
 dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com;
 dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com;
 s=selector2;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=gYXM3PEJkuC9QXY3wdMPm28OpoH9SR068STrNhosAAI=;
 b=cICGzpdY2Z73x40ytAsvrmmPwBfHj3tgv81aGxxN3iUsudxGfEzNiGZM3X4gulLprsCGrsbKJz2dvdyDTYwzJdfK75sV9xZOPjWHYcycLJ2xpjrZlcQaucNsEcT/gigyk8c8IOfsia7sDvS5736oXGOMsn6NIgXv8Vn06kOSGWuthupsTQ9WHoqx07KzTzPKdotJE8sHx/6xyyqC/l8UJlkETThjq/BCZngMjWaA7Kp+i64NE6T45+W6YQ+7Q+665A4X9odezqEVOEX15sB6yBrhN0AYmo7Nt+IBLb0z1QJv/2hnoin0Nhea7T9pe+mjangOwi3/1kxSKV8xZnpzuQ==
Received: from DS7PR06CA0035.namprd06.prod.outlook.com (2603:10b6:8:54::9) by
 DM6PR12MB5024.namprd12.prod.outlook.com (2603:10b6:5:20a::12) with
 Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.6387.30; Tue, 16 May 2023 23:00:32 +0000
Received: from DM6NAM11FT077.eop-nam11.prod.protection.outlook.com
 (2603:10b6:8:54:cafe::8e) by DS7PR06CA0035.outlook.office365.com
 (2603:10b6:8:54::9) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6387.33 via Frontend
 Transport; Tue, 16 May 2023 23:00:31 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.118.232)
 smtp.mailfrom=nvidia.com;
 dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=nvidia.com;
Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates
 216.228.118.232 as permitted sender) receiver=protection.outlook.com;
 client-ip=216.228.118.232; helo=mail.nvidia.com; pr=C
Received: from mail.nvidia.com (216.228.118.232) by
 DM6NAM11FT077.mail.protection.outlook.com (10.13.173.147) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.6411.17 via Frontend Transport; Tue, 16 May 2023 23:00:31 +0000
Received: from drhqmail202.nvidia.com (10.126.190.181) by mail.nvidia.com
 (10.127.129.5) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.5; Tue, 16 May 2023
 16:00:16 -0700
Received: from drhqmail202.nvidia.com (10.126.190.181) by
 drhqmail202.nvidia.com (10.126.190.181) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.2.986.37; Tue, 16 May 2023 16:00:15 -0700
Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com
 (10.126.190.181) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37 via Frontend
 Transport; Tue, 16 May 2023 16:00:15 -0700
Received: from sw-mtx-008.mtx.labs.mlnx. (sw-mtx-008.mtx.labs.mlnx
 [10.9.150.35])
 by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 34GMxxSl019536;
 Wed, 17 May 2023 02:00:11 +0300
From: Tony Duan <yifeid@nvidia.com>
To: <kernel-team@lists.ubuntu.com>
Subject: [SRU][J:linux-bluefield][PATCH v2 07/10] act_ct: Support GRE offload
Date: Tue, 16 May 2023 17:59:56 -0500
Message-ID: <1684277999-18029-8-git-send-email-yifeid@nvidia.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1684277999-18029-1-git-send-email-yifeid@nvidia.com>
References: <1684277999-18029-1-git-send-email-yifeid@nvidia.com>
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DM6NAM11FT077:EE_|DM6PR12MB5024:EE_
X-MS-Office365-Filtering-Correlation-Id: 22533d4c-c17f-4d42-9f1f-08db56615997
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
 r0ZBYUPLCPXDNvdYHxzElOghzrYYmx4J6ftQ6ZPMrEgbeUq0veZuVMpcCnEatBhQGGGY1pXr6LtvNc/3r1XKCV93d7gIekSKgDuGIjZks+etYKaytJ7Rbbw0B2sOazmMsoWJ1RhuataLHr51DMPGpFJnEDG1LSQVMcPILY6ixK3f/fhuPqIqOxelX2a9wLb8K1LmMN/2/hLGy7fYDZuoGawt+FrX3uf7EuNTNUX2MvMxfYGo4i4MVguiY3wJrM48H6EIwvlbiKtenk1C8lVjhpDdi0HWUHQ9cR9wcd0vQOcvaxfXksLB4WBcmC6os6ypqWrmiEjt3U8WpDIsiulaU3T4VnNkQ6Vq3UAixxnwz3k03wXtkix0+bdOzL2KpgLvu2JXDZ+32C0RcPC64+Kk10FO0oDji+yiK65L7fFdV6kzgR83R3m5pU3ZWV1lUxLjJN0rOMsIF+dtuOeRp0JOBnL25AbfcVl86qfMEFTwRn8AvX9U78kTyglgJX7E+7xStD/E1tg6WvKx5Dc3M9q1p7pZcyti4TRVPM+8qQFruDz/tRVqU0znJw0SpoK4fuoo9YHxqIWZRcbj+Ug4cYWMVjwylmxSAtb+e6F5uSkwmXlsYLEBvR4z+Xb5yCsw503hMI4iK+CJhBmb60nuSCMSXxlz/dowxtNw3QOt3kkqyBu5GUbqSba0pbvJzxYsFkrwQZNxqndC4Vkpo3wVyiF5r4ubLmuf0iKQP/JHlgnROHEFRD0ILgLWZbgggObnm+nmb56wq3Cdf//mXQB4Z0nkTE3Y8h8hZEebilAyliIS9MLVhuXYP1CAuYgfsNojQBsi
X-Forefront-Antispam-Report: CIP:216.228.118.232; CTRY:US; LANG:en; SCL:1;
 SRV:;
 IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc7edge1.nvidia.com; CAT:NONE;
 SFS:(13230028)(4636009)(39860400002)(136003)(396003)(346002)(376002)(451199021)(40470700004)(46966006)(36840700001)(82310400005)(336012)(36860700001)(47076005)(83380400001)(316002)(82740400003)(6916009)(4326008)(36756003)(356005)(41300700001)(7636003)(40480700001)(478600001)(8936002)(70586007)(70206006)(2616005)(966005)(26005)(86362001)(5660300002)(8676002)(2906002)(40460700003)(54906003)(186003)(6666004)(334744004);
 DIR:OUT; SFP:1101;
X-OriginatorOrg: Nvidia.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 May 2023 23:00:31.6576 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 22533d4c-c17f-4d42-9f1f-08db56615997
X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.118.232];
 Helo=[mail.nvidia.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 DM6NAM11FT077.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB5024
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Cc: bodong@nvidia.com, vlad@nvidia.com, cascardo@canonical.com,
 dann.frazier@canonical.com
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

From: Toshiaki Makita <toshiaki.makita1@gmail.com>

BugLink: https://bugs.launchpad.net/bugs/2019264

Support GREv0 without NAT.

Signed-off-by: Toshiaki Makita <toshiaki.makita1@gmail.com>
Acked-by: Paul Blakey <paulb@nvidia.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit fcb6aa86532c1f321440f56f739a26ef856e6475)
Signed-off-by: Tony Duan <yifeid@nvidia.com>
---
 net/sched/act_ct.c | 115 ++++++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 91 insertions(+), 24 deletions(-)

diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
index 1c21743..fb58c83 100644
--- a/net/sched/act_ct.c
+++ b/net/sched/act_ct.c
@@ -430,6 +430,19 @@ static void tcf_ct_flow_table_process_conn(struct tcf_ct_flow_table *ct_ft,
 		break;
 	case IPPROTO_UDP:
 		break;
+#ifdef CONFIG_NF_CT_PROTO_GRE
+	case IPPROTO_GRE: {
+		struct nf_conntrack_tuple *tuple;
+
+		if (ct->status & IPS_NAT_MASK)
+			return;
+		tuple = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
+		/* No support for GRE v1 */
+		if (tuple->src.u.gre.key || tuple->dst.u.gre.key)
+			return;
+		break;
+	}
+#endif
 	default:
 		return;
 	}
@@ -449,6 +462,8 @@ static void tcf_ct_flow_table_process_conn(struct tcf_ct_flow_table *ct_ft,
 	struct flow_ports *ports;
 	unsigned int thoff;
 	struct iphdr *iph;
+	size_t hdrsize;
+	u8 ipproto;
 
 	if (!pskb_network_may_pull(skb, sizeof(*iph)))
 		return false;
@@ -460,29 +475,54 @@ static void tcf_ct_flow_table_process_conn(struct tcf_ct_flow_table *ct_ft,
 	    unlikely(thoff != sizeof(struct iphdr)))
 		return false;
 
-	if (iph->protocol != IPPROTO_TCP &&
-	    iph->protocol != IPPROTO_UDP)
+	ipproto = iph->protocol;
+	switch (ipproto) {
+	case IPPROTO_TCP:
+		hdrsize = sizeof(struct tcphdr);
+		break;
+	case IPPROTO_UDP:
+		hdrsize = sizeof(*ports);
+		break;
+#ifdef CONFIG_NF_CT_PROTO_GRE
+	case IPPROTO_GRE:
+		hdrsize = sizeof(struct gre_base_hdr);
+		break;
+#endif
+	default:
 		return false;
+	}
 
 	if (iph->ttl <= 1)
 		return false;
 
-	if (!pskb_network_may_pull(skb, iph->protocol == IPPROTO_TCP ?
-					thoff + sizeof(struct tcphdr) :
-					thoff + sizeof(*ports)))
+	if (!pskb_network_may_pull(skb, thoff + hdrsize))
 		return false;
 
-	iph = ip_hdr(skb);
-	if (iph->protocol == IPPROTO_TCP)
+	switch (ipproto) {
+	case IPPROTO_TCP:
 		*tcph = (void *)(skb_network_header(skb) + thoff);
+		fallthrough;
+	case IPPROTO_UDP:
+		ports = (struct flow_ports *)(skb_network_header(skb) + thoff);
+		tuple->src_port = ports->source;
+		tuple->dst_port = ports->dest;
+		break;
+	case IPPROTO_GRE: {
+		struct gre_base_hdr *greh;
+
+		greh = (struct gre_base_hdr *)(skb_network_header(skb) + thoff);
+		if ((greh->flags & GRE_VERSION) != GRE_VERSION_0)
+			return false;
+		break;
+	}
+	}
+
+	iph = ip_hdr(skb);
 
-	ports = (struct flow_ports *)(skb_network_header(skb) + thoff);
 	tuple->src_v4.s_addr = iph->saddr;
 	tuple->dst_v4.s_addr = iph->daddr;
-	tuple->src_port = ports->source;
-	tuple->dst_port = ports->dest;
 	tuple->l3proto = AF_INET;
-	tuple->l4proto = iph->protocol;
+	tuple->l4proto = ipproto;
 
 	return true;
 }
@@ -495,36 +535,63 @@ static void tcf_ct_flow_table_process_conn(struct tcf_ct_flow_table *ct_ft,
 	struct flow_ports *ports;
 	struct ipv6hdr *ip6h;
 	unsigned int thoff;
+	size_t hdrsize;
+	u8 nexthdr;
 
 	if (!pskb_network_may_pull(skb, sizeof(*ip6h)))
 		return false;
 
 	ip6h = ipv6_hdr(skb);
+	thoff = sizeof(*ip6h);
 
-	if (ip6h->nexthdr != IPPROTO_TCP &&
-	    ip6h->nexthdr != IPPROTO_UDP)
-		return false;
+	nexthdr = ip6h->nexthdr;
+	switch (nexthdr) {
+	case IPPROTO_TCP:
+		hdrsize = sizeof(struct tcphdr);
+		break;
+	case IPPROTO_UDP:
+		hdrsize = sizeof(*ports);
+		break;
+#ifdef CONFIG_NF_CT_PROTO_GRE
+	case IPPROTO_GRE:
+		hdrsize = sizeof(struct gre_base_hdr);
+		break;
+#endif
+	default:
+		return -1;
+	}
 
 	if (ip6h->hop_limit <= 1)
 		return false;
 
-	thoff = sizeof(*ip6h);
-	if (!pskb_network_may_pull(skb, ip6h->nexthdr == IPPROTO_TCP ?
-					thoff + sizeof(struct tcphdr) :
-					thoff + sizeof(*ports)))
+	if (!pskb_network_may_pull(skb, thoff + hdrsize))
 		return false;
 
-	ip6h = ipv6_hdr(skb);
-	if (ip6h->nexthdr == IPPROTO_TCP)
+	switch (nexthdr) {
+	case IPPROTO_TCP:
 		*tcph = (void *)(skb_network_header(skb) + thoff);
+		fallthrough;
+	case IPPROTO_UDP:
+		ports = (struct flow_ports *)(skb_network_header(skb) + thoff);
+		tuple->src_port = ports->source;
+		tuple->dst_port = ports->dest;
+		break;
+	case IPPROTO_GRE: {
+		struct gre_base_hdr *greh;
+
+		greh = (struct gre_base_hdr *)(skb_network_header(skb) + thoff);
+		if ((greh->flags & GRE_VERSION) != GRE_VERSION_0)
+			return false;
+		break;
+	}
+	}
+
+	ip6h = ipv6_hdr(skb);
 
-	ports = (struct flow_ports *)(skb_network_header(skb) + thoff);
 	tuple->src_v6 = ip6h->saddr;
 	tuple->dst_v6 = ip6h->daddr;
-	tuple->src_port = ports->source;
-	tuple->dst_port = ports->dest;
 	tuple->l3proto = AF_INET6;
-	tuple->l4proto = ip6h->nexthdr;
+	tuple->l4proto = nexthdr;
 
 	return true;
 }

From patchwork Tue May 16 22:59:57 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tony Duan <yifeid@nvidia.com>
X-Patchwork-Id: 1782378
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com
 (client-ip=91.189.94.19; helo=huckleberry.canonical.com;
 envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=Nvidia.com header.i=@Nvidia.com header.a=rsa-sha256
 header.s=selector2 header.b=HEhI0vMq;
	dkim-atps=neutral
Received: from huckleberry.canonical.com (huckleberry.canonical.com
 [91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4QLWtZ1Bljz20dn
	for <incoming@patchwork.ozlabs.org>; Wed, 17 May 2023 09:00:54 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1pz3et-0000GB-SR; Tue, 16 May 2023 23:00:43 +0000
Received: from mail-bn8nam11on2040.outbound.protection.outlook.com
 ([40.107.236.40] helo=NAM11-BN8-obe.outbound.protection.outlook.com)
 by huckleberry.canonical.com with esmtps
 (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2)
 (envelope-from <yifeid@nvidia.com>) id 1pz3ep-00007C-E6
 for kernel-team@lists.ubuntu.com; Tue, 16 May 2023 23:00:39 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=huweVLtaX2VUL9wEo4AXf3LkD08uR4d081vJHfZbaDwx2BEg+TdsRBGMr4k+pjRI6KOV/xc4xba0ZE0wX222Rp1OSupxsNQBp2Hi2+2xQ4zZULgQXyJ83yCG+t+W4nLXb6vKSapdN8i7GF/WiFEp4Awbx1zp+6FEB0yWi1Zf1wVW9Dp0I4hp3RRnT4PwGeC+Qou9dr4+iXwJ9FtAKflHUCQect1CtV3KyHc7sihnpf9gH76hz0YLajE3f/vH5nrbFD6Sg3U20S4+h0M73KuK5+fQpRSJjZbwCFcsrPIrWfevzM6gq4s8dpPXYN9t5BLnTurSGPDIM65O33p0xGYJGg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=0GzF6PmWjZq8KjA2p2cg/6Ppsiq9LZcabmfUDqlOQCk=;
 b=hUUHf0SuNxrnQqJFIDSRB+4XfAjEROR5Cwc4c3f9hQ0DgoTt6UCf84tuH5/4l4VBkImXd6/0ktieobiOTKEDKg8+YLXKwN8iWwI1fYmQ59iOAoWebaJw+Tx6nWud3Yg/+rdlcMhWEsxqooJNEGODZnjnQHkbrh6NBXQrEeKNDJrh4MsNHgEy73pwn4mjhW3m3TgEoWNoYr33bTEvsUH0qv29Y5PcIh8XpBanYZLzFlFdSmDjdX17q7z08qgJ6TIUatt14Ncr+1kQm8f+bSm9kFmwA4Rvp1mvbnNdZ2xSU6LH7CqrftvxtiZcbWK5hpOvbNK3x7OlRjvZiJXZ58UBCg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 216.228.117.161) smtp.rcpttodomain=canonical.com smtp.mailfrom=nvidia.com;
 dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com;
 dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com;
 s=selector2;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=0GzF6PmWjZq8KjA2p2cg/6Ppsiq9LZcabmfUDqlOQCk=;
 b=HEhI0vMqhiSg1cPF1A5mGl883RcisF/nqXFH9JD0cMVOu0zgoewMXgjqLUVvrW7/kS2nAL53QOewf8s+x3N+0WO0paOEIso2V40mdnZx77KjnWIkCBFhc47jJU2Gp+ATnKnobHMshhOWaKaWKftMEAefQMvGZymSrOan27g10F5mlQJjo+6TptuQgfiq/O6t9PLrRr1VR9krRlQKY9pehpK0z+tULjtoX3LBi7Iv4CsNICyJyA2VUnFZIHi14HypTp37qbr1qP+LfNU00MZZ6OYes/9oeb7CqtvB7tKv8b7JJcE6zPuMp7sq+S/JOS3J6RnpjbmES1mMOoqVp6/FNw==
Received: from DM6PR11CA0064.namprd11.prod.outlook.com (2603:10b6:5:14c::41)
 by CH0PR12MB5106.namprd12.prod.outlook.com (2603:10b6:610:bd::10) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6387.33; Tue, 16 May
 2023 23:00:36 +0000
Received: from DM6NAM11FT072.eop-nam11.prod.protection.outlook.com
 (2603:10b6:5:14c:cafe::b9) by DM6PR11CA0064.outlook.office365.com
 (2603:10b6:5:14c::41) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6387.33 via Frontend
 Transport; Tue, 16 May 2023 23:00:36 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161)
 smtp.mailfrom=nvidia.com;
 dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=nvidia.com;
Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates
 216.228.117.161 as permitted sender) receiver=protection.outlook.com;
 client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C
Received: from mail.nvidia.com (216.228.117.161) by
 DM6NAM11FT072.mail.protection.outlook.com (10.13.173.181) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.6411.15 via Frontend Transport; Tue, 16 May 2023 23:00:36 +0000
Received: from rnnvmail205.nvidia.com (10.129.68.10) by mail.nvidia.com
 (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.5; Tue, 16 May 2023
 16:00:17 -0700
Received: from rnnvmail204.nvidia.com (10.129.68.6) by rnnvmail205.nvidia.com
 (10.129.68.10) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37; Tue, 16 May
 2023 16:00:17 -0700
Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com
 (10.129.68.6) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37 via Frontend
 Transport; Tue, 16 May 2023 16:00:16 -0700
Received: from sw-mtx-008.mtx.labs.mlnx. (sw-mtx-008.mtx.labs.mlnx
 [10.9.150.35])
 by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 34GMxxSm019536;
 Wed, 17 May 2023 02:00:13 +0300
From: Tony Duan <yifeid@nvidia.com>
To: <kernel-team@lists.ubuntu.com>
Subject: [SRU][J:linux-bluefield][PATCH v2 08/10] net/mlx5: Support GRE
 conntrack offload
Date: Tue, 16 May 2023 17:59:57 -0500
Message-ID: <1684277999-18029-9-git-send-email-yifeid@nvidia.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1684277999-18029-1-git-send-email-yifeid@nvidia.com>
References: <1684277999-18029-1-git-send-email-yifeid@nvidia.com>
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DM6NAM11FT072:EE_|CH0PR12MB5106:EE_
X-MS-Office365-Filtering-Correlation-Id: e1cf17f7-8a3c-4b1a-52a7-08db56615c2f
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
 AwlAchJx4zfPGCZNhXpCHkp21k87OTLvyGtwa4hOz8u9+AjSWGB0Z0ZNfVqictL1U1KbtNbUGr1rxD2+CiyRx7HVVRr9Tpz7aJrq70oWQiR5VJFhGnD9fS+WNeGif+0462J9y4nd2sKKyTqtnSAHts8cfaWZ+hb2FMv1yd/5OgLFqiDcpirZkqua2OloaihQhc/wGY7aV7Ovnx9P/ANhq7q93kVs70gnJnMTUTRwf0e6Tj/4DRla1dnAI6n+GGY6ZyAgNd1P+S27LIu/MDbkkBey0kb6LG/V8WvekSxyATVNc565Zf6zZaHXmvNoyLvP2FZ1agAHPGc9621/6PExdM9rOmrGOiEPEPRd5GVJM9IeZn8+dSNvRABMNnZh7i4yvZkB6ieB3mkkGC0cD/gSy9zqyotbkpL3R3r1FVOvO/dLBqlzy9rMYkFg1xFmJCL5OuM85IfCMJLitPAkByU0CDbHBd7DfvIB3pVSKBeTh7Rc6kszOWak+Cs6YX4o8TbeGGnDfMB/zd/pNpDjxgfCFEOoiC6ciSn7wcLJmMccydJMh4rB9Nvka4jYZ9G7UwCc80iUnxtZeicwChdA4z2ZAxjL5ERmNY3/S9/Zixbz+KXCnNXCpTshwlsFsce8RplaTzM/TKleCjsNtF3JC1XLR4OaF+z+i+bfOz7i3AoUNJcitlKP6nDV7ft6ySonpfljYnRg0uXcGbpGOiwF5GWFUj4GZPbPE7Mr9w3qkJWrMkP64NgZ/0g+qLmlz9h2I0BtWqjI129hFxIP6q201lmdWpJHzuQSNdDoOUM7rPdBjlQ=
X-Forefront-Antispam-Report: CIP:216.228.117.161; CTRY:US; LANG:en; SCL:1;
 SRV:;
 IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge2.nvidia.com; CAT:NONE;
 SFS:(13230028)(4636009)(396003)(346002)(136003)(39860400002)(376002)(451199021)(40470700004)(46966006)(36840700001)(4326008)(36756003)(6916009)(2906002)(336012)(8936002)(5660300002)(86362001)(8676002)(40460700003)(41300700001)(40480700001)(70206006)(70586007)(54906003)(316002)(478600001)(6666004)(82740400003)(26005)(7636003)(356005)(83380400001)(47076005)(36860700001)(82310400005)(2616005)(966005)(186003);
 DIR:OUT; SFP:1101;
X-OriginatorOrg: Nvidia.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 May 2023 23:00:36.0072 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 e1cf17f7-8a3c-4b1a-52a7-08db56615c2f
X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.161];
 Helo=[mail.nvidia.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 DM6NAM11FT072.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH0PR12MB5106
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Cc: bodong@nvidia.com, vlad@nvidia.com, cascardo@canonical.com,
 dann.frazier@canonical.com
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

From: Toshiaki Makita <toshiaki.makita1@gmail.com>

BugLink: https://bugs.launchpad.net/bugs/2019264

Support GREv0 without NAT.

Signed-off-by: Toshiaki Makita <toshiaki.makita1@gmail.com>
Acked-by: Paul Blakey <paulb@nvidia.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 1918ace1382d43430c8a61294fa4385065a46804)
Signed-off-by: Tony Duan <yifeid@nvidia.com>
---
 drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c
index 53684ac..f68ac73 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c
@@ -251,7 +251,8 @@ struct mlx5_ct_entry {
 			return -EOPNOTSUPP;
 		}
 	} else {
-		return -EOPNOTSUPP;
+		if (tuple->ip_proto != IPPROTO_GRE)
+			return -EOPNOTSUPP;
 	}
 
 	return 0;
@@ -767,7 +768,11 @@ struct mlx5_ct_entry {
 	attr->dest_chain = 0;
 	attr->dest_ft = mlx5e_tc_post_act_get_ft(ct_priv->post_act);
 	attr->ft = nat ? ct_priv->ct_nat : ct_priv->ct;
-	attr->outer_match_level = MLX5_MATCH_L4;
+	if (entry->tuple.ip_proto == IPPROTO_TCP ||
+	    entry->tuple.ip_proto == IPPROTO_UDP)
+		attr->outer_match_level = MLX5_MATCH_L4;
+	else
+		attr->outer_match_level = MLX5_MATCH_L3;
 	attr->counter = entry->counter->counter;
 	attr->flags |= MLX5_ESW_ATTR_FLAG_NO_IN_PORT;
 	if (ct_priv->ns_type == MLX5_FLOW_NAMESPACE_FDB)
@@ -1191,16 +1196,20 @@ static void mlx5_tc_ct_entry_del_work(struct work_struct *work)
 	struct flow_keys flow_keys;
 
 	skb_reset_network_header(skb);
-	skb_flow_dissect_flow_keys(skb, &flow_keys, 0);
+	skb_flow_dissect_flow_keys(skb, &flow_keys, FLOW_DISSECTOR_F_STOP_BEFORE_ENCAP);
 
 	tuple->zone = zone;
 
 	if (flow_keys.basic.ip_proto != IPPROTO_TCP &&
-	    flow_keys.basic.ip_proto != IPPROTO_UDP)
+	    flow_keys.basic.ip_proto != IPPROTO_UDP &&
+	    flow_keys.basic.ip_proto != IPPROTO_GRE)
 		return false;
 
-	tuple->port.src = flow_keys.ports.src;
-	tuple->port.dst = flow_keys.ports.dst;
+	if (flow_keys.basic.ip_proto == IPPROTO_TCP ||
+	    flow_keys.basic.ip_proto == IPPROTO_UDP) {
+		tuple->port.src = flow_keys.ports.src;
+		tuple->port.dst = flow_keys.ports.dst;
+	}
 	tuple->n_proto = flow_keys.basic.n_proto;
 	tuple->ip_proto = flow_keys.basic.ip_proto;
 

From patchwork Tue May 16 22:59:58 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tony Duan <yifeid@nvidia.com>
X-Patchwork-Id: 1782379
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com
 (client-ip=91.189.94.19; helo=huckleberry.canonical.com;
 envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=Nvidia.com header.i=@Nvidia.com header.a=rsa-sha256
 header.s=selector2 header.b=RBsPa0x0;
	dkim-atps=neutral
Received: from huckleberry.canonical.com (huckleberry.canonical.com
 [91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4QLWtf0x9zz20dn
	for <incoming@patchwork.ozlabs.org>; Wed, 17 May 2023 09:00:58 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1pz3ez-0000PH-0I; Tue, 16 May 2023 23:00:49 +0000
Received: from mail-mw2nam12on2054.outbound.protection.outlook.com
 ([40.107.244.54] helo=NAM12-MW2-obe.outbound.protection.outlook.com)
 by huckleberry.canonical.com with esmtps
 (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2)
 (envelope-from <yifeid@nvidia.com>) id 1pz3et-0000D6-Re
 for kernel-team@lists.ubuntu.com; Tue, 16 May 2023 23:00:44 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=mJiQpNcoJqLpYZJEf1QewNx/8TRvEc/gLKQY1APHVTz8NVymLFGwik9XssbMn2md97wVsPkRzBaup66DMG38x8RCI5in9qNeBFxxbreTye8q24pfWd0zkpghhE7+945s/H1b7W98W5EpR2lO9ZA4kf9S7YaN0AOwoDlm0uiGgxRAKfL78M+LBMb9bV3VKWlbIlHse1bUUTcUBSQ4ljKFOix1lOO4gu5umimhVdHhY0/ovldNJ8mahuMvoQrfggKV9jtn5wbF3BCIdFV5UK9FVdloypvknsnDDqI2triT083qDhebfEvvs0fM7yjsO+FLzqmy4Zhlj+38n0fqsB4v8Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=y/W91l7mQ98yHqY5a2YGbVPBYTOpSBI1Z2mENCZGBkA=;
 b=ni9eFou4RvzKq5iWuab+Ly0Xqt4mT1CA3xwWixNNcb+xOpgl39cvAV8F5A/GHgU3W39XTccYQP/QhzpPWxGWOCoVmb8Kice4jJHAvVRWo8S+uvKzRty45Ufq8OuRRuwZo0pjuFKEd64ewOKfxB5jktd80tf5Lf/CxN6gnf9/dEOsBJcHkywmWHX3bV7FQ4TrZktKJx9YssaTAKizlQ19zJjcRFuTwwsiBkamJPjeByNezaOWrz/5KSic8xp+8PmhFEDydnhFi60HszQYa9FnDW2HsUOxxLCHDX24baaDzONLvGDzp3X6AdBvJPBfNu8XMg+izSNYL4gt6ziPiQ/7xA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 216.228.117.160) smtp.rcpttodomain=canonical.com smtp.mailfrom=nvidia.com;
 dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com;
 dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com;
 s=selector2;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=y/W91l7mQ98yHqY5a2YGbVPBYTOpSBI1Z2mENCZGBkA=;
 b=RBsPa0x0yhMLq0UWLLVIzN9+H1h+DkJnb5XvGFUlU0nZS5HrJKjug7u9lLC8urjDhFKyefXtZqy2EKAZnkIp6/+/sqDfza8CbH3k2bdB7nasJNBFBr0OfAUM2a2FBWjLJ54zaolLY6QYIgKko0biyG4HprUxY3Gmf/DsIbL+4KKALudjtdoetUZUmFW0aMigaHTusclIxodo4Z4vhqqKJcajqAo7HSs8taZl/ci7lEcx362Mwme65k1uIYIry7ZpBP4p2VmvWLs3oQKkWV6IcIZL/iur+rnPycJaRjTFpNxbPNf0qLUKrfZjBG9Jb+Fu0O1rkiXIxFPE1PukDgi+gg==
Received: from MW4PR04CA0358.namprd04.prod.outlook.com (2603:10b6:303:8a::33)
 by PH0PR12MB8822.namprd12.prod.outlook.com (2603:10b6:510:28d::17)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6387.33; Tue, 16 May
 2023 23:00:38 +0000
Received: from CO1NAM11FT011.eop-nam11.prod.protection.outlook.com
 (2603:10b6:303:8a:cafe::5b) by MW4PR04CA0358.outlook.office365.com
 (2603:10b6:303:8a::33) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6387.31 via Frontend
 Transport; Tue, 16 May 2023 23:00:38 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.160)
 smtp.mailfrom=nvidia.com;
 dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=nvidia.com;
Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates
 216.228.117.160 as permitted sender) receiver=protection.outlook.com;
 client-ip=216.228.117.160; helo=mail.nvidia.com; pr=C
Received: from mail.nvidia.com (216.228.117.160) by
 CO1NAM11FT011.mail.protection.outlook.com (10.13.175.186) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.6411.17 via Frontend Transport; Tue, 16 May 2023 23:00:37 +0000
Received: from rnnvmail205.nvidia.com (10.129.68.10) by mail.nvidia.com
 (10.129.200.66) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.5; Tue, 16 May 2023
 16:00:19 -0700
Received: from rnnvmail204.nvidia.com (10.129.68.6) by rnnvmail205.nvidia.com
 (10.129.68.10) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37; Tue, 16 May
 2023 16:00:18 -0700
Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com
 (10.129.68.6) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37 via Frontend
 Transport; Tue, 16 May 2023 16:00:18 -0700
Received: from sw-mtx-008.mtx.labs.mlnx. (sw-mtx-008.mtx.labs.mlnx
 [10.9.150.35])
 by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 34GMxxSn019536;
 Wed, 17 May 2023 02:00:15 +0300
From: Tony Duan <yifeid@nvidia.com>
To: <kernel-team@lists.ubuntu.com>
Subject: [SRU][J:linux-bluefield][PATCH v2 09/10] net/sched: act_ct: offload
 UDP NEW connections
Date: Tue, 16 May 2023 17:59:58 -0500
Message-ID: <1684277999-18029-10-git-send-email-yifeid@nvidia.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1684277999-18029-1-git-send-email-yifeid@nvidia.com>
References: <1684277999-18029-1-git-send-email-yifeid@nvidia.com>
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CO1NAM11FT011:EE_|PH0PR12MB8822:EE_
X-MS-Office365-Filtering-Correlation-Id: c372e889-110d-4810-3674-08db56615d57
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
 42asd1xSCVeVMajEF7hPBrKQK82F6ymR6Q0n2NYoP6G7vohVlGxgd/w8XaO3fhapIObVT62dRp1pC94cNtnhEwGQ2jqb4tz8EWVtSAjCw8CLs3l2xHtt+Xjj8v5tqzGbUwfqt0wnYfVItiPd/Gfa+PlUZOSZqxzfLwN7ZI2FmWwO/U1Q+AVNwnooBl/FPMe4iTflf3CyqZoF0m4lFPKfz/nFzoQNTEDv4J+atNj+UNJ80W8Bb2jsczbNvI7Li9vIHF/UJZoh8xL6eYCszTCr6DvEZZrQXBmDq5u2nyruDUT6TtGeXXgnrXQH6fYMjTsTp5aYdjn5G4zTKwnjBuqKZHYuYeWE09uiFDqctlY2nm5k5GB9pNLkFtwVRHtPQfbhcUr337ZKG6w5FOPoCWAXmvX3hexEwnJ2kGlpBy0cXW/s2I8zyhAM7J/hkcwkQ+Ywk6d9qpEs8LVC8J+k1mDsyh+qXH0Ujun1Sqe/qQRyAiLcGQwr1gvUQNoe0ZaYJKu0abPm4O8VFBCv6OTeMedNbTpQ4LpmZZsWBQ9e0C/Il10SPkczFfn7PjACBwpIRalVfdoDZd1P7pH++O/tBccTdwiBJwVwwVThQRsnpYYwj2UJW6RrFSIUckaKDBDAeRMMRYixrBHG9nUSDuzkqmoAXqcloqItyfX8QCuCNR4Qsjx3VCZjucKP8q43ccWzLFKWA6p/rK3Ze0fndGja1ZBEJdrtxq28eLreEK9xhSz7NJySp9Z2gELNpdZwwdlNL2mxJ+H1VWFXB6vr5PbCcLRImRnnL33376aGczv6KWavVx8=
X-Forefront-Antispam-Report: CIP:216.228.117.160; CTRY:US; LANG:en; SCL:1;
 SRV:;
 IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge1.nvidia.com; CAT:NONE;
 SFS:(13230028)(4636009)(136003)(376002)(396003)(346002)(39860400002)(451199021)(40470700004)(46966006)(36840700001)(40460700003)(4326008)(70586007)(6916009)(478600001)(86362001)(966005)(70206006)(316002)(54906003)(36756003)(83380400001)(47076005)(41300700001)(26005)(186003)(2616005)(336012)(36860700001)(6666004)(5660300002)(8936002)(2906002)(8676002)(40480700001)(82310400005)(7636003)(356005)(82740400003);
 DIR:OUT; SFP:1101;
X-OriginatorOrg: Nvidia.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 May 2023 23:00:37.9776 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 c372e889-110d-4810-3674-08db56615d57
X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.160];
 Helo=[mail.nvidia.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 CO1NAM11FT011.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR12MB8822
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Cc: bodong@nvidia.com, vlad@nvidia.com, cascardo@canonical.com,
 dann.frazier@canonical.com
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

From: Vlad Buslov <vladbu@nvidia.com>

BugLink: https://bugs.launchpad.net/bugs/2019264

Modify the offload algorithm of UDP connections to the following:

- Offload NEW connection as unidirectional.

- When connection state changes to ESTABLISHED also update the hardware
flow. However, in order to prevent act_ct from spamming offload add wq for
every packet coming in reply direction in this state verify whether
connection has already been updated to ESTABLISHED in the drivers. If that
it the case, then skip flow_table and let conntrack handle such packets
which will also allow conntrack to potentially promote the connection to
ASSURED.

- When connection state changes to ASSURED set the flow_table flow
NF_FLOW_HW_BIDIRECTIONAL flag which will cause refresh mechanism to offload
the reply direction.

All other protocols have their offload algorithm preserved and are always
offloaded as bidirectional.

Note that this change tries to minimize the load on flow_table add
workqueue. First, it tracks the last ctinfo that was offloaded by using new
flow 'NF_FLOW_HW_ESTABLISHED' flag and doesn't schedule the refresh for
reply direction packets when the offloads have already been updated with
current ctinfo. Second, when 'add' task executes on workqueue it always
update the offload with current flow state (by checking 'bidirectional'
flow flag and obtaining actual ctinfo/cookie through meta action instead of
caching any of these from the moment of scheduling the 'add' work)
preventing the need from scheduling more updates if state changed
concurrently while the 'add' work was pending on workqueue.

Signed-off-by: Vlad Buslov <vladbu@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 6a9bad0069cf306f3df6ac53cf02438d4e15f296)
Signed-off-by: Paul Blakey <paulb@nvidia.com>
Signed-off-by: Tony Duan <yifeid@nvidia.com>
---
 net/sched/act_ct.c | 51 +++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 39 insertions(+), 12 deletions(-)

diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
index fb58c83..d72ce86 100644
--- a/net/sched/act_ct.c
+++ b/net/sched/act_ct.c
@@ -374,7 +374,7 @@ static void tcf_ct_flow_tc_ifidx(struct flow_offload *entry,
 
 static void tcf_ct_flow_table_add(struct tcf_ct_flow_table *ct_ft,
 				  struct nf_conn *ct,
-				  bool tcp)
+				  bool tcp, bool bidirectional)
 {
 	struct nf_conn_act_ct_ext *act_ct_ext;
 	struct flow_offload *entry;
@@ -393,6 +393,8 @@ static void tcf_ct_flow_table_add(struct tcf_ct_flow_table *ct_ft,
 		ct->proto.tcp.seen[0].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
 		ct->proto.tcp.seen[1].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
 	}
+	if (bidirectional)
+		__set_bit(NF_FLOW_HW_BIDIRECTIONAL, &entry->flags);
 
 	act_ct_ext = nf_conn_act_ct_ext_find(ct);
 	if (act_ct_ext) {
@@ -416,26 +418,34 @@ static void tcf_ct_flow_table_process_conn(struct tcf_ct_flow_table *ct_ft,
 					   struct nf_conn *ct,
 					   enum ip_conntrack_info ctinfo)
 {
-	bool tcp = false;
-
-	if ((ctinfo != IP_CT_ESTABLISHED && ctinfo != IP_CT_ESTABLISHED_REPLY) ||
-	    !test_bit(IPS_ASSURED_BIT, &ct->status))
-		return;
+	bool tcp = false, bidirectional = true;
 
 	switch (nf_ct_protonum(ct)) {
 	case IPPROTO_TCP:
-		tcp = true;
-		if (ct->proto.tcp.state != TCP_CONNTRACK_ESTABLISHED)
+		if ((ctinfo != IP_CT_ESTABLISHED &&
+		     ctinfo != IP_CT_ESTABLISHED_REPLY) ||
+		    !test_bit(IPS_ASSURED_BIT, &ct->status) ||
+		    ct->proto.tcp.state != TCP_CONNTRACK_ESTABLISHED)
 			return;
+
+		tcp = true;
 		break;
 	case IPPROTO_UDP:
+		if (!nf_ct_is_confirmed(ct))
+			return;
+		if (!test_bit(IPS_ASSURED_BIT, &ct->status))
+			bidirectional = false;
 		break;
 #ifdef CONFIG_NF_CT_PROTO_GRE
 	case IPPROTO_GRE: {
 		struct nf_conntrack_tuple *tuple;
 
-		if (ct->status & IPS_NAT_MASK)
+		if ((ctinfo != IP_CT_ESTABLISHED &&
+		     ctinfo != IP_CT_ESTABLISHED_REPLY) ||
+		    !test_bit(IPS_ASSURED_BIT, &ct->status) ||
+		    ct->status & IPS_NAT_MASK)
 			return;
+
 		tuple = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
 		/* No support for GRE v1 */
 		if (tuple->src.u.gre.key || tuple->dst.u.gre.key)
@@ -451,7 +461,7 @@ static void tcf_ct_flow_table_process_conn(struct tcf_ct_flow_table *ct_ft,
 	    ct->status & IPS_SEQ_ADJUST)
 		return;
 
-	tcf_ct_flow_table_add(ct_ft, ct, tcp);
+	tcf_ct_flow_table_add(ct_ft, ct, tcp, bidirectional);
 }
 
 static bool
@@ -630,13 +640,30 @@ static bool tcf_ct_flow_table_lookup(struct tcf_ct_params *p,
 	flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]);
 	ct = flow->ct;
 
+	if (dir == FLOW_OFFLOAD_DIR_REPLY &&
+	    !test_bit(NF_FLOW_HW_BIDIRECTIONAL, &flow->flags)) {
+		/* Only offload reply direction after connection became
+		 * assured.
+		 */
+		if (test_bit(IPS_ASSURED_BIT, &ct->status))
+			set_bit(NF_FLOW_HW_BIDIRECTIONAL, &flow->flags);
+		else if (test_bit(NF_FLOW_HW_ESTABLISHED, &flow->flags))
+			/* If flow_table flow has already been updated to the
+			 * established state, then don't refresh.
+			 */
+			return false;
+	}
+
 	if (tcph && (unlikely(tcph->fin || tcph->rst))) {
 		flow_offload_teardown(flow);
 		return false;
 	}
 
-	ctinfo = dir == FLOW_OFFLOAD_DIR_ORIGINAL ? IP_CT_ESTABLISHED :
-						    IP_CT_ESTABLISHED_REPLY;
+	if (dir == FLOW_OFFLOAD_DIR_ORIGINAL)
+		ctinfo = test_bit(IPS_SEEN_REPLY_BIT, &ct->status) ?
+			IP_CT_ESTABLISHED : IP_CT_NEW;
+	else
+		ctinfo = IP_CT_ESTABLISHED_REPLY;
 
 	flow_offload_refresh(nf_ft, flow);
 	nf_conntrack_get(&ct->ct_general);

From patchwork Tue May 16 22:59:59 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tony Duan <yifeid@nvidia.com>
X-Patchwork-Id: 1782380
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com
 (client-ip=91.189.94.19; helo=huckleberry.canonical.com;
 envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=Nvidia.com header.i=@Nvidia.com header.a=rsa-sha256
 header.s=selector2 header.b=HT5lk8f3;
	dkim-atps=neutral
Received: from huckleberry.canonical.com (huckleberry.canonical.com
 [91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4QLWtg4zkHz20dn
	for <incoming@patchwork.ozlabs.org>; Wed, 17 May 2023 09:00:59 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1pz3f1-0000VG-Km; Tue, 16 May 2023 23:00:51 +0000
Received: from mail-sn1nam02on2069.outbound.protection.outlook.com
 ([40.107.96.69] helo=NAM02-SN1-obe.outbound.protection.outlook.com)
 by huckleberry.canonical.com with esmtps
 (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2)
 (envelope-from <yifeid@nvidia.com>) id 1pz3ev-0000Gt-KN
 for kernel-team@lists.ubuntu.com; Tue, 16 May 2023 23:00:45 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=cR1BVRjocJoGlZvrnr+BROrBojpj2YdLlBv6j2lcJOnZc+AllMwW8EWl7DfV5ELSaMS5O00gReBD5yxZv5HNKJiwjvOQNqJJX4NfgNVHXCF/4FzD3lV3cUz6rap6GS4cjKybLFfLVqYtP2QJpBJQjANCm5JF6t04oygSS9gFNuEzcKsSKYemGpUNYvGY5UhHkOjznKTZQTjpxNtU4SeIKmvOu9OaxSAG7JLjRsl29+9TG3Fr9ouUjoMKEtJRr/92XvR4WJUri+STCAmE2lAnyl+Icm6yA3C4GC82JHpnUZaoie/qwW4MCZQNlWLwcMdiGwJL4zfMd1FonAjp29zJFQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=rGKhL+7YWjNkzM5T4DBYDZUh/6U1e9ZHTjsf71FIg5k=;
 b=KhcP8YWeMJXWJuTK4vsrVLh3jNduXeh901OuUyH2mhB8f4dHiDrycCKCyRshwSjWKT02JhNX9isaMNnkJ7M04gDRIA/iuwPtbvRCZZHg8r9UNBK+sZL3FVsjfTQe+0fHAcnO7AUQnu34rq13OHEDqWfrY8KrMmcugIWrUAvxyawGMTfu3qXq5tPSK+yEn70lqN4xLp2CWeQ2CzN9rBj7RhWQbMgg/GKomDIp2Z342ln46jrufG25wRIpja4lmjrKgPzqam+VqLuw+ChuPyHc36X/fM5orEdP2P6YIGmkovN2UF9cr0d1CxqSfFCAvUQyGNVV5sgLMaCAUCTcPMl1Qg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 216.228.117.161) smtp.rcpttodomain=canonical.com smtp.mailfrom=nvidia.com;
 dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com;
 dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com;
 s=selector2;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=rGKhL+7YWjNkzM5T4DBYDZUh/6U1e9ZHTjsf71FIg5k=;
 b=HT5lk8f35mJj/et94pFds3FTbGD+x00pAbX6d5L3eChVOvaXATZBFl3eDksqsCn+n8nFpVMgkkVN2B32FqlOIPDsq6gwCpnHmQTNGWIG/yGpH6GRuxAgQS9k2Tld7ot2ytHed6sqBndxaDnkXj5DH8zsj+tRrYAR9miYu+ScJZ6uqLgzvl0i6AJdCvF7vvDvoVXG1GuxYQYln3ADWw7ogpbiC8CWlmuynUMpWhiB0ld0aPd2Rc3jMk6SMO9ufWyzPkC9BDSPQ3LC6JwxvyIokoF1IiB+hVPlGz6sbKgw09GG9ZX3zn2pqaWo4qYXB005g/Ui47RmHxcLv3BNEb2/jQ==
Received: from DS7PR03CA0337.namprd03.prod.outlook.com (2603:10b6:8:55::25) by
 BL1PR12MB5948.namprd12.prod.outlook.com (2603:10b6:208:39b::11) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6387.30; Tue, 16 May
 2023 23:00:42 +0000
Received: from DM6NAM11FT037.eop-nam11.prod.protection.outlook.com
 (2603:10b6:8:55:cafe::b6) by DS7PR03CA0337.outlook.office365.com
 (2603:10b6:8:55::25) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6387.33 via Frontend
 Transport; Tue, 16 May 2023 23:00:41 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161)
 smtp.mailfrom=nvidia.com;
 dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=nvidia.com;
Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates
 216.228.117.161 as permitted sender) receiver=protection.outlook.com;
 client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C
Received: from mail.nvidia.com (216.228.117.161) by
 DM6NAM11FT037.mail.protection.outlook.com (10.13.172.122) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.6411.17 via Frontend Transport; Tue, 16 May 2023 23:00:41 +0000
Received: from rnnvmail202.nvidia.com (10.129.68.7) by mail.nvidia.com
 (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.5; Tue, 16 May 2023
 16:00:21 -0700
Received: from rnnvmail202.nvidia.com (10.129.68.7) by rnnvmail202.nvidia.com
 (10.129.68.7) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37; Tue, 16 May
 2023 16:00:21 -0700
Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com
 (10.129.68.7) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37 via Frontend
 Transport; Tue, 16 May 2023 16:00:20 -0700
Received: from sw-mtx-008.mtx.labs.mlnx. (sw-mtx-008.mtx.labs.mlnx
 [10.9.150.35])
 by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 34GMxxSo019536;
 Wed, 17 May 2023 02:00:17 +0300
From: Tony Duan <yifeid@nvidia.com>
To: <kernel-team@lists.ubuntu.com>
Subject: [SRU][J:linux-bluefield][PATCH v2 10/10] netfilter: nf_conntrack:
 allow early drop of offloaded UDP conns
Date: Tue, 16 May 2023 17:59:59 -0500
Message-ID: <1684277999-18029-11-git-send-email-yifeid@nvidia.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1684277999-18029-1-git-send-email-yifeid@nvidia.com>
References: <1684277999-18029-1-git-send-email-yifeid@nvidia.com>
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DM6NAM11FT037:EE_|BL1PR12MB5948:EE_
X-MS-Office365-Filtering-Correlation-Id: 4070e674-321c-47db-4ec6-08db56615f7d
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
 QKEvwGD1B31lHwkvBBbXL0+uNrNW8NMw9KfAeGPZPsp56onPY4vS+LGdNfzQnO6+rX0fHlVHGprA0KRidX+/5Lsw8f7l6w7uWXD0ZdJiIaZkCdBjqLk/pXjs/RSvg2PNJD8aUHGlycYr/mJ3jiCzBjEKioTShmL7YQrqZaNi33Q4jazaCYpBca05eCv+h4klf0XEzkXSGPL1kLtiWFtM6W5/S3Yekx6KULLv3y5AAnQrsENLNSn5lrZrMkUXu3wKLtRuFBPKdc6JAtuZQy+r+U8wHvs9ouTlXWirmVALtVVJilUJROzMx2H5GHtQfz07C+Vs0Mo5hjVl6Q7cTAR1upozQFV/9UPEPudHwk+lkVh3724HLHNatKYdYZJXUORwo2URCtTzxjRHh/Q8cSVCHvaKp9p6WZwD4525HMInjSulabID3xFwLWfyaJhBXkczOlPZko2+uahJ8UFfoCNArBibLlYnA+IUCED5qrdcjRkGTlj4E1GVhATUFE2V866uCeCzdoWfSTI7HlsNkF9GP80oc+oN/ZBlOa0rRzbPXFcKRvmHGUUw3PkJ1ouX9tKOWThFH0V/Jqz8BMBtlrG+FfhKkNmJTHynLqvCZaHFzc+im8Z7OT28sjJsYHvY+T1cGeiKxZiYeV9wr0f+hZt2BQO3d4CX+YrZXfwW0CIgo05B8Ium1IpGSfowMguyxuxS+PItwzVYkpoQGzoc+KMRnOcaDKvuDwfwU3uvnTegqbr+zobkdXrp7A/ddSAAoKzgCOKQKzCr1HC/WDJ8eq438qrMv19HoOaW3Oc09sQHDKU=
X-Forefront-Antispam-Report: CIP:216.228.117.161; CTRY:US; LANG:en; SCL:1;
 SRV:;
 IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge2.nvidia.com; CAT:NONE;
 SFS:(13230028)(4636009)(396003)(376002)(39860400002)(136003)(346002)(451199021)(46966006)(40470700004)(36840700001)(356005)(7636003)(86362001)(82310400005)(82740400003)(36756003)(40460700003)(5660300002)(4326008)(316002)(8676002)(186003)(336012)(8936002)(26005)(6916009)(40480700001)(47076005)(41300700001)(2616005)(2906002)(54906003)(478600001)(70206006)(70586007)(966005)(83380400001)(36860700001)(6666004);
 DIR:OUT; SFP:1101;
X-OriginatorOrg: Nvidia.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 May 2023 23:00:41.5358 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 4070e674-321c-47db-4ec6-08db56615f7d
X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.161];
 Helo=[mail.nvidia.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 DM6NAM11FT037.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL1PR12MB5948
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Cc: bodong@nvidia.com, vlad@nvidia.com, cascardo@canonical.com,
 dann.frazier@canonical.com
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

From: Vlad Buslov <vladbu@nvidia.com>

BugLink: https://bugs.launchpad.net/bugs/2019264

Both synchronous early drop algorithm and asynchronous gc worker completely
ignore connections with IPS_OFFLOAD_BIT status bit set. With new
functionality that enabled UDP NEW connection offload in action CT
malicious user can flood the conntrack table with offloaded UDP connections
by just sending a single packet per 5tuple because such connections can no
longer be deleted by early drop algorithm.

To mitigate the issue allow both early drop and gc to consider offloaded
UDP connections for deletion.

Signed-off-by: Vlad Buslov <vladbu@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit df25455e5a489764508942b77b77de8f550e92cd)
Signed-off-by: Paul Blakey <paulb@nvidia.com>
Signed-off-by: Tony Duan <yifeid@nvidia.com>
---
 net/netfilter/nf_conntrack_core.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index aec432f..8f5bf25 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1355,9 +1355,6 @@ static unsigned int early_drop_list(struct net *net,
 	hlist_nulls_for_each_entry_rcu(h, n, head, hnnode) {
 		tmp = nf_ct_tuplehash_to_ctrack(h);
 
-		if (test_bit(IPS_OFFLOAD_BIT, &tmp->status))
-			continue;
-
 		if (nf_ct_is_expired(tmp)) {
 			nf_ct_gc_expired(tmp);
 			continue;
@@ -1424,11 +1421,14 @@ static bool gc_worker_skip_ct(const struct nf_conn *ct)
 static bool gc_worker_can_early_drop(const struct nf_conn *ct)
 {
 	const struct nf_conntrack_l4proto *l4proto;
+	u8 protonum = nf_ct_protonum(ct);
 
+	if (test_bit(IPS_OFFLOAD_BIT, &ct->status) && protonum != IPPROTO_UDP)
+		return false;
 	if (!test_bit(IPS_ASSURED_BIT, &ct->status))
 		return true;
 
-	l4proto = nf_ct_l4proto_find(nf_ct_protonum(ct));
+	l4proto = nf_ct_l4proto_find(protonum);
 	if (l4proto->can_early_drop && l4proto->can_early_drop(ct))
 		return true;
 
@@ -1485,7 +1485,8 @@ static void gc_worker(struct work_struct *work)
 
 			if (test_bit(IPS_OFFLOAD_BIT, &tmp->status)) {
 				nf_ct_offload_timeout(tmp);
-				continue;
+				if (!nf_conntrack_max95)
+					continue;
 			}
 
 			if (expired_count > GC_SCAN_EXPIRED_MAX) {