** Description changed:
* Explain the bug(s)
When CT HW offload is enabled, the CT stats does not show the stats of the
offloaded flow.
Ex: using
cat /proc/net/nf_conntrack, or conntrack -L
shows only the software CT stats, not the offloaded CT stats
* Brief explanation of fixes
Cherry-pick. No adaptation. First commit for SW, second commit of HW
offloaded rules.
ef803b3cf96a netfilter: flowtable: add counter support in HW offload
9312eabab4a6 netfilter: conntrack: add nf_ct_acct_add()
note: need to change a little due to cherry-pick conflict with
24384e28586c netfilter: flowtable: Set offload timeouts according to proto
values
* How to test
+ Create OVS bridge with 2 devices mlx5 rep devices.
+ Enable HW offload and configure regular connection tracking OpenFlow rules:
- Enable nf_conn_acct, enable HW offload using OVS or tc-flower, and check ct
stats.
- ex:
- ovs-vsctl get Open_vSwitch . other_config
- {hw-offload="true"}
- ovs-appctl dpctl/dump-flows type=offloaded
- ovs-appctl dpctl/dump-conntrack
+ e.g:
+ ovs-ofctl del-flows br-ovs
+ ovs-ofctl add-flow br-ovs arp,actions=normal
+ ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)"
+ ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new
actions=ct(commit),normal"
+ ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal"
+
+ Run a TCP connection, e.g:
+ on mlx5 VF1 iperf -s
+ on mlx5 VF2 iperf -c <ip> -t 10
+
+ Optional: In different terminal, while traffic is running, check for offload:
+ tcpdump -nnepi <RELEVANT_MLX5_REP> tcp
+
+ and see no iperf tcp packets.
+ Dump conntrack with relevant ip:
+ cat /proc/net/nf_conntrack | grep -i <ip>
+
+ See counters (packets=.*) advancing while tuples were offloaded:
+ ipv4 2 tcp 6 src=1.1.1.2 dst=1.1.1.3 sport=56394 dport=5001
packets=2 bytes=112 src=1.1.1.3 dst=1.1.1.2 sport=5001 dport=56394 packets=1777
bytes=665340 [HW_OFFLOAD] mark=0 zone=0 use=3
+
+
* What it could break.
Nothing.
** Summary changed:
- Add HW offloaded CT stats
+ netfilter: flowtable: add counter support in HW offload
** Description changed:
* Explain the bug(s)
- When CT HW offload is enabled, the CT stats does not show the stats of the
offloaded flow.
- Ex: using
- cat /proc/net/nf_conntrack, or conntrack -L
- shows only the software CT stats, not the offloaded CT stats
+ While conntrack tuples are offloaded to hardware and conntrack packet
+ accounting is enabled, offloaded packets aren't counted.
* Brief explanation of fixes
Cherry-pick. No adaptation. First commit for SW, second commit of HW
offloaded rules.
ef803b3cf96a netfilter: flowtable: add counter support in HW offload
9312eabab4a6 netfilter: conntrack: add nf_ct_acct_add()
note: need to change a little due to cherry-pick conflict with
24384e28586c netfilter: flowtable: Set offload timeouts according to proto
values
* How to test
Create OVS bridge with 2 devices mlx5 rep devices.
Enable HW offload and configure regular connection tracking OpenFlow rules:
e.g:
- ovs-ofctl del-flows br-ovs
- ovs-ofctl add-flow br-ovs arp,actions=normal
- ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)"
- ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new
actions=ct(commit),normal"
- ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal"
-
+ ovs-ofctl del-flows br-ovs
+ ovs-ofctl add-flow br-ovs arp,actions=normal
+ ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)"
+ ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new
actions=ct(commit),normal"
+ ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal"
Run a TCP connection, e.g:
on mlx5 VF1 iperf -s
- on mlx5 VF2 iperf -c <ip> -t 10
+ on mlx5 VF2 iperf -c <ip> -t 10
Optional: In different terminal, while traffic is running, check for offload:
tcpdump -nnepi <RELEVANT_MLX5_REP> tcp
and see no iperf tcp packets.
Dump conntrack with relevant ip:
cat /proc/net/nf_conntrack | grep -i <ip>
See counters (packets=.*) advancing while tuples were offloaded:
ipv4 2 tcp 6 src=1.1.1.2 dst=1.1.1.3 sport=56394 dport=5001
packets=2 bytes=112 src=1.1.1.3 dst=1.1.1.2 sport=5001 dport=56394 packets=1777
bytes=665340 [HW_OFFLOAD] mark=0 zone=0 use=3
-
* What it could break.
Nothing.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/2008136
Title:
netfilter: flowtable: add counter support in HW offload
Status in linux-bluefield package in Ubuntu:
New
Bug description:
* Explain the bug(s)
While conntrack tuples are offloaded to hardware and conntrack packet
accounting is enabled, offloaded packets aren't counted.
* Brief explanation of fixes
Cherry-pick. No adaptation. First commit for SW, second commit of HW
offloaded rules.
ef803b3cf96a netfilter: flowtable: add counter support in HW offload
9312eabab4a6 netfilter: conntrack: add nf_ct_acct_add()
note: need to change a little due to cherry-pick conflict with
24384e28586c netfilter: flowtable: Set offload timeouts according to proto
values
* How to test
Create OVS bridge with 2 devices mlx5 rep devices.
Enable HW offload and configure regular connection tracking OpenFlow rules:
e.g:
ovs-ofctl del-flows br-ovs
ovs-ofctl add-flow br-ovs arp,actions=normal
ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)"
ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new
actions=ct(commit),normal"
ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal"
Run a TCP connection, e.g:
on mlx5 VF1 iperf -s
on mlx5 VF2 iperf -c <ip> -t 10
Optional: In different terminal, while traffic is running, check for offload:
tcpdump -nnepi <RELEVANT_MLX5_REP> tcp
and see no iperf tcp packets.
Dump conntrack with relevant ip:
cat /proc/net/nf_conntrack | grep -i <ip>
See counters (packets=.*) advancing while tuples were offloaded:
ipv4 2 tcp 6 src=1.1.1.2 dst=1.1.1.3 sport=56394 dport=5001
packets=2 bytes=112 src=1.1.1.3 dst=1.1.1.2 sport=5001 dport=56394 packets=1777
bytes=665340 [HW_OFFLOAD] mark=0 zone=0 use=3
* What it could break.
Nothing.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2008136/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
