[Kernel-packages] [Bug 1963948] Re: Fix flow table lookup after ct clear or switching zones
This bug was fixed in the package linux-bluefield - 5.4.0-1035.38 --- linux-bluefield (5.4.0-1035.38) focal; urgency=medium * focal/linux-bluefield: 5.4.0-1035.38 -proposed tracker (LP: #1969372) * mlxbf-gige: sync up with upstreamed version (LP: #1969233) - SAUCE: Revert "UBUNTU: SAUCE: Fix OOB handling RX packets in heavy traffic" - SAUCE: Revert "UBUNTU: SAUCE: mlxbf_gige: update driver version to 1.25" - SAUCE: Revert "UBUNTU: SAUCE: mlxbf_gige: clear valid_polarity upon open" - SAUCE: Revert "UBUNTU: SAUCE: mlxbf_gige: add interrupt counts to "ethtool -S"" - SAUCE: Revert "UBUNTU: SAUCE: mlxbf-gige: add ethtool mlxbf_gige_set_ringparam" - SAUCE: Revert "UBUNTU: SAUCE: mlxbf-gige: add driver version" - mlxbf_gige: clear valid_polarity upon open - net: mellanox: mlxbf_gige: Replace non-standard interrupt handling - SAUCE: mlxbf-gige: add driver version - SAUCE: mlxbf_gige: add interrupt counts to "ethtool -S" - SAUCE: mlxbf-gige: add ethtool mlxbf_gige_set_ringparam - SAUCE: Fix OOB handling RX packets in heavy traffic * linux-bluefield: Fix build failure in mlxbf_gige (LP: #1969374) - gpiolib: acpi: Allow to find GpioInt() resource by name and index linux-bluefield (5.4.0-1034.37) focal; urgency=medium * focal/linux-bluefield: 5.4.0-1034.37 -proposed tracker (LP: #1968766) * Devlink wasn't enabled from common config (LP: #1968751) - [Config] Bluefield: Enable CONFIG_NET_DEVLINK - [Config] Bluefield: Enable dummy config options NET_VENDOR_BROADCOM and PAGE_POOL linux-bluefield (5.4.0-1033.36) focal; urgency=medium * focal/linux-bluefield: 5.4.0-1033.36 -proposed tracker (LP: #1967369) * Fix flow table lookup failure with no originating ifindex (LP: #1967892) - net/sched: act_ct: Fix flow table lookup failure with no originating ifindex * Fix OOB handling RX packets in heavy traffic (LP: #1964984) - SAUCE: Fix OOB handling RX packets in heavy traffic * Pass originating device to drivers offloading ct connection so devices will filter the tuples and offload them more efficiently (LP: #1960575) - net: openvswitch: Be liberal in tcp conntrack. - net/sched: act_ct: Fill offloading tuple iifidx - net: openvswitch: Fill act ct extension * Fix flow table lookup after ct clear or switching zones (LP: #1963948) - net/sched: act_ct: Fix flow table lookup after ct clear or switching zones * CT: Offload only ASSURED connections (LP: #1961819) - net/sched: act_ct: Offload only ASSURED connections * Sync up gpio interrupt handling with upstreamed version (LP: #1965017) - Revert "UBUNTU: SAUCE: gpio-mlxbf2.c: Fix setting the gpio direction to output" - Revert "UBUNTU: SAUCE: gpio-mlxbf2.c: remove phy interrupt" - Revert "UBUNTU: SAUCE: gpio-mlxbf2: Cleanup and use generic gpio_irq_chip struct" - Revert "UBUNTU: SAUCE: gpio-mlxbf2.c: Support soft reset gpio interrupt" - Revert "UBUNTU: SAUCE: gpio-mlxbf2.c: fix spinlock bug and using uninitialized work" - Revert "UBUNTU: SAUCE: gpio: Add irq support for gpio-mlxbf2" - gpio: mlxbf2: remove unused including - gpio: mlxbf2: fix return value check in mlxbf2_gpio_get_lock_res() - gpio: mlxbf2: Fix sleeping while holding spinlock - gpio: gpio-mlxbf2: Tell the compiler that ACPI functions may not be use - gpio: gpio-mlxbf2.c: Provide __releases() annotation to stop confusing Sparse - gpio: mlxbf2: Convert to device PM ops - gpio: mlxbf2: Drop wrong use of ACPI_PTR() - gpio: mlxbf2: Use devm_platform_ioremap_resource() - gpio: mlxbf2: Use DEFINE_RES_MEM_NAMED() helper macro - gpio: mlxbf2.c: Add check for bgpio_init failure - gpio: mlxbf2: Introduce IRQ support - SAUCE: gpio-mlxbf2.c: Add version and fix SPDX-License_Identifier - SAUCE: i2c-mlxbf.c: remove IRQF_ONESHOT flag - [Config] bluefield: CONFIG_POWER_MLXBF=m - SAUCE: Add power driver to handle reset interrupt and low power mode interrupt * Support VF groups rate limit (LP: #1962490) - [Config] Bluefield: disable inbox drivers which are not used - devlink: Allow large formatted message of binary output - devlink: add support for reporter recovery completion - devlink: add macro for "fw.psid" - devlink: move devlink documentation to subfolder - devlink: correct misspelling of snapshot - devlink: Add layer 3 generic packet traps - devlink: Add layer 3 generic packet exception traps - devlink: Add non-routable packet trap - devlink: Add tunnel generic packet traps - devlink: Add overlay source MAC is multicast trap - devlink: add macro for "fw.roce" - devlink: Force enclosing array on binary fmsg data - devlink: add ACL generic packet traps - devlink: add trap metadata type for cookie - devlink: extend devlink_trap_report() to accept cookie and pass - devlink: promote
[Kernel-packages] [Bug 1963948] Re: Fix flow table lookup after ct clear or switching zones
** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/1963948 Title: Fix flow table lookup after ct clear or switching zones Status in linux-bluefield package in Ubuntu: Invalid Status in linux-bluefield source package in Focal: Fix Committed Bug description: * Explain the bug Flow table lookup is skipped if packet either went through ct clear action (which set the IP_CT_UNTRACKED flag on the packet), or while switching zones and there is already a connection associated with the packet. This will result in no SW offload of the connection, and the and connection not being removed from flow table with TCP teardown (fin/rst packet). * How to test Create OVS bridge with 2 veth pairs, put each veth peer device in a different namespace - ns0, ns1, and add the other side veth devices (named ns[01]_veth below) to OVS bridge. Configure the namespace devices with an ip, and bring all devices up. Enable HW offload in ovs and configure connection tracking OpenFlow rules that pass via two zones (but drop the FIN packets on the reply side or they will still teardown the connection in second zone from the reply side as it happens first): ovs-ofctl add-flow br-ovs "arp actions=NORMAL" ovs-ofctl add-flow br-ovs "ct_state=-trk,ip,in_port=ns0_veth actions=ct(table=5,zone=5)" ovs-ofctl add-flow br-ovs "ct_state=-trk,tcp,in_port=ns1_veth,tcp_flags=-fin actions=ct(table=8,zone=7)" ovs-ofctl add-flow br-ovs "ct_state=+new+trk,ip,in_port=ns0_veth actions=ct(commit,zone=5),ct(table=7,zone=7)" ovs-ofctl add-flow br-ovs "ct_state=+est+trk,ip,in_port=ns0_veth actions=ct(table=7,zone=7)" ovs-ofctl add-flow br-ovs "ct_state=+new+trk,ip,in_port=ns0_veth actions=ct(commit,zone=7),output:ns1_veth" ovs-ofctl add-flow br-ovs "ct_state=+est+trk,ip,in_port=ns0_veth actions=output:ns1_veth" ovs-ofctl add-flow br-ovs "ct_state=+est+trk,tcp,in_port=ns1_veth actions=ct(table=9,zone=5)" ovs-ofctl add-flow br-ovs "ct_state=+est+trk,tcp,in_port=ns1_veth actions=output:ns0_veth" Run TCP iperf from ns0 namespace to an iperf server on ns1 namepsace with the given ip. After traffic ends, check cat /proc/net/nf_conntrack | grep -i offload If bug occurs, connections will remain offloaded till timeout, otherwise, they will be in teardown state. * What it could break. NA To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/1963948/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1963948] Re: Fix flow table lookup after ct clear or switching zones
This bug is awaiting verification that the linux-bluefield/5.4.0-1033.36 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/1963948 Title: Fix flow table lookup after ct clear or switching zones Status in linux-bluefield package in Ubuntu: Invalid Status in linux-bluefield source package in Focal: Fix Committed Bug description: * Explain the bug Flow table lookup is skipped if packet either went through ct clear action (which set the IP_CT_UNTRACKED flag on the packet), or while switching zones and there is already a connection associated with the packet. This will result in no SW offload of the connection, and the and connection not being removed from flow table with TCP teardown (fin/rst packet). * How to test Create OVS bridge with 2 veth pairs, put each veth peer device in a different namespace - ns0, ns1, and add the other side veth devices (named ns[01]_veth below) to OVS bridge. Configure the namespace devices with an ip, and bring all devices up. Enable HW offload in ovs and configure connection tracking OpenFlow rules that pass via two zones (but drop the FIN packets on the reply side or they will still teardown the connection in second zone from the reply side as it happens first): ovs-ofctl add-flow br-ovs "arp actions=NORMAL" ovs-ofctl add-flow br-ovs "ct_state=-trk,ip,in_port=ns0_veth actions=ct(table=5,zone=5)" ovs-ofctl add-flow br-ovs "ct_state=-trk,tcp,in_port=ns1_veth,tcp_flags=-fin actions=ct(table=8,zone=7)" ovs-ofctl add-flow br-ovs "ct_state=+new+trk,ip,in_port=ns0_veth actions=ct(commit,zone=5),ct(table=7,zone=7)" ovs-ofctl add-flow br-ovs "ct_state=+est+trk,ip,in_port=ns0_veth actions=ct(table=7,zone=7)" ovs-ofctl add-flow br-ovs "ct_state=+new+trk,ip,in_port=ns0_veth actions=ct(commit,zone=7),output:ns1_veth" ovs-ofctl add-flow br-ovs "ct_state=+est+trk,ip,in_port=ns0_veth actions=output:ns1_veth" ovs-ofctl add-flow br-ovs "ct_state=+est+trk,tcp,in_port=ns1_veth actions=ct(table=9,zone=5)" ovs-ofctl add-flow br-ovs "ct_state=+est+trk,tcp,in_port=ns1_veth actions=output:ns0_veth" Run TCP iperf from ns0 namespace to an iperf server on ns1 namepsace with the given ip. After traffic ends, check cat /proc/net/nf_conntrack | grep -i offload If bug occurs, connections will remain offloaded till timeout, otherwise, they will be in teardown state. * What it could break. NA To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/1963948/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1963948] Re: Fix flow table lookup after ct clear or switching zones
** Changed in: linux-bluefield (Ubuntu Focal) Status: In Progress => Fix Committed ** Changed in: linux-bluefield (Ubuntu Focal) Assignee: (unassigned) => Bodong Wang (bodong-wang) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/1963948 Title: Fix flow table lookup after ct clear or switching zones Status in linux-bluefield package in Ubuntu: Invalid Status in linux-bluefield source package in Focal: Fix Committed Bug description: * Explain the bug Flow table lookup is skipped if packet either went through ct clear action (which set the IP_CT_UNTRACKED flag on the packet), or while switching zones and there is already a connection associated with the packet. This will result in no SW offload of the connection, and the and connection not being removed from flow table with TCP teardown (fin/rst packet). * How to test Create OVS bridge with 2 veth pairs, put each veth peer device in a different namespace - ns0, ns1, and add the other side veth devices (named ns[01]_veth below) to OVS bridge. Configure the namespace devices with an ip, and bring all devices up. Enable HW offload in ovs and configure connection tracking OpenFlow rules that pass via two zones (but drop the FIN packets on the reply side or they will still teardown the connection in second zone from the reply side as it happens first): ovs-ofctl add-flow br-ovs "arp actions=NORMAL" ovs-ofctl add-flow br-ovs "ct_state=-trk,ip,in_port=ns0_veth actions=ct(table=5,zone=5)" ovs-ofctl add-flow br-ovs "ct_state=-trk,tcp,in_port=ns1_veth,tcp_flags=-fin actions=ct(table=8,zone=7)" ovs-ofctl add-flow br-ovs "ct_state=+new+trk,ip,in_port=ns0_veth actions=ct(commit,zone=5),ct(table=7,zone=7)" ovs-ofctl add-flow br-ovs "ct_state=+est+trk,ip,in_port=ns0_veth actions=ct(table=7,zone=7)" ovs-ofctl add-flow br-ovs "ct_state=+new+trk,ip,in_port=ns0_veth actions=ct(commit,zone=7),output:ns1_veth" ovs-ofctl add-flow br-ovs "ct_state=+est+trk,ip,in_port=ns0_veth actions=output:ns1_veth" ovs-ofctl add-flow br-ovs "ct_state=+est+trk,tcp,in_port=ns1_veth actions=ct(table=9,zone=5)" ovs-ofctl add-flow br-ovs "ct_state=+est+trk,tcp,in_port=ns1_veth actions=output:ns0_veth" Run TCP iperf from ns0 namespace to an iperf server on ns1 namepsace with the given ip. After traffic ends, check cat /proc/net/nf_conntrack | grep -i offload If bug occurs, connections will remain offloaded till timeout, otherwise, they will be in teardown state. * What it could break. NA To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/1963948/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1963948] Re: Fix flow table lookup after ct clear or switching zones
** Also affects: linux-bluefield (Ubuntu Focal) Importance: Undecided Status: New ** Changed in: linux-bluefield (Ubuntu Focal) Status: New => In Progress ** Changed in: linux-bluefield (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/1963948 Title: Fix flow table lookup after ct clear or switching zones Status in linux-bluefield package in Ubuntu: Invalid Status in linux-bluefield source package in Focal: In Progress Bug description: * Explain the bug Flow table lookup is skipped if packet either went through ct clear action (which set the IP_CT_UNTRACKED flag on the packet), or while switching zones and there is already a connection associated with the packet. This will result in no SW offload of the connection, and the and connection not being removed from flow table with TCP teardown (fin/rst packet). * How to test Create OVS bridge with 2 veth pairs, put each veth peer device in a different namespace - ns0, ns1, and add the other side veth devices (named ns[01]_veth below) to OVS bridge. Configure the namespace devices with an ip, and bring all devices up. Enable HW offload in ovs and configure connection tracking OpenFlow rules that pass via two zones (but drop the FIN packets on the reply side or they will still teardown the connection in second zone from the reply side as it happens first): ovs-ofctl add-flow br-ovs "arp actions=NORMAL" ovs-ofctl add-flow br-ovs "ct_state=-trk,ip,in_port=ns0_veth actions=ct(table=5,zone=5)" ovs-ofctl add-flow br-ovs "ct_state=-trk,tcp,in_port=ns1_veth,tcp_flags=-fin actions=ct(table=8,zone=7)" ovs-ofctl add-flow br-ovs "ct_state=+new+trk,ip,in_port=ns0_veth actions=ct(commit,zone=5),ct(table=7,zone=7)" ovs-ofctl add-flow br-ovs "ct_state=+est+trk,ip,in_port=ns0_veth actions=ct(table=7,zone=7)" ovs-ofctl add-flow br-ovs "ct_state=+new+trk,ip,in_port=ns0_veth actions=ct(commit,zone=7),output:ns1_veth" ovs-ofctl add-flow br-ovs "ct_state=+est+trk,ip,in_port=ns0_veth actions=output:ns1_veth" ovs-ofctl add-flow br-ovs "ct_state=+est+trk,tcp,in_port=ns1_veth actions=ct(table=9,zone=5)" ovs-ofctl add-flow br-ovs "ct_state=+est+trk,tcp,in_port=ns1_veth actions=output:ns0_veth" Run TCP iperf from ns0 namespace to an iperf server on ns1 namepsace with the given ip. After traffic ends, check cat /proc/net/nf_conntrack | grep -i offload If bug occurs, connections will remain offloaded till timeout, otherwise, they will be in teardown state. * What it could break. NA To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/1963948/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp