[Kernel-packages] [Bug 2008136] Re: netfilter: flowtable: add counter support in HW offload
This bug was fixed in the package linux-bluefield - 5.4.0-1060.66 --- linux-bluefield (5.4.0-1060.66) focal; urgency=medium * focal/linux-bluefield: 5.4.0-1060.66 -proposed tracker (LP: #2008364) * gpio: Restrict usage of GPIO chip irq members before initialization (LP: #2007581) - gpio: Restrict usage of GPIO chip irq members before initialization - gpio: Request interrupts after IRQ is initialized * netfilter: flowtable: add counter support in HW offload (LP: #2008136) - netfilter: conntrack: add nf_ct_acct_add() - netfilter: flowtable: add counter support in HW offload [ Ubuntu: 5.4.0-145.162 ] * focal/linux: 5.4.0-145.162 -proposed tracker (LP: #2008389) * [SRU]Update ice driver to support E823 devices (LP: #1986717) - ice: Add device ids for E822 devices - ice: add support for E823 devices * btrfs/154: rename fails with EOVERFLOW when calculating item size during item key collision (LP: #2004132) - btrfs: correctly calculate item size used when item key collision happens * rtcpie in timers from ubuntu_kernel_selftests randomly failing (LP: #1814234) - SAUCE: selftest: rtcpie: Force passing unreliable subtest * [UBUNTU 20.04] KVM: s390: pv: don't allow userspace to set the clock under PV - kernel part (LP: #1999882) - KVM: s390x: fix SCK locking - KVM: s390: pv: don't allow userspace to set the clock under PV * CVE-2021-3669 - ipc: replace costly bailout check in sysvipc_find_ipc() * net:fcnal-test.sh 'nettest' command not found on F/K (LP: #2006391) - selftests/net: Find nettest in current directory * xfs: Preallocated ioend transactions cause deadlock due to log buffer exhaustion (LP: #2007219) - xfs: drop submit side trans alloc for append ioends * CVE-2022-4382 - USB: gadgetfs: Fix race between mounting and unmounting * CVE-2022-2196 - KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS * ubuntu_kernel_selftests: net:udpgso_bench.sh failed (LP: #1951447) - selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs * net:fcnal-test.sh didn't return a non-zero value even with some sub-tests failed (LP: #2006692) - selftests: net/fcnal-test.sh: add exit code * Fix selftests/ftracetests/Meta-selftests in Focal (LP: #2006453) - SAUCE: Fix ftrace/Meta-selftests bashism check * CVE-2023-23559 - wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid -- Bartlomiej Zolnierkiewicz Fri, 10 Mar 2023 18:15:33 +0100 ** Changed in: linux-bluefield (Ubuntu Focal) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3669 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-2196 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-4382 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-23559 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2008136 Title: netfilter: flowtable: add counter support in HW offload Status in linux-bluefield package in Ubuntu: New Status in linux-bluefield source package in Focal: Fix Released Bug description: * Explain the bug(s) While conntrack tuples are offloaded to hardware and conntrack packet accounting is enabled, offloaded packets aren't counted. * Brief explanation of fixes Cherry-pick. No adaptation. First commit for SW, second commit of HW offloaded rules. ef803b3cf96a netfilter: flowtable: add counter support in HW offload 9312eabab4a6 netfilter: conntrack: add nf_ct_acct_add() note: need to change a little due to cherry-pick conflict with 24384e28586c netfilter: flowtable: Set offload timeouts according to proto values * How to test Create OVS bridge with 2 devices mlx5 rep devices. Enable HW offload and configure regular connection tracking OpenFlow rules: e.g: ovs-ofctl del-flows br-ovs ovs-ofctl add-flow br-ovs arp,actions=normal ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal" Run a TCP connection, e.g: on mlx5 VF1 iperf -s on mlx5 VF2 iperf -c -t 10 Optional: In different terminal, while traffic is running, check for offload: tcpdump -nnepi tcp and see no iperf tcp packets. Dump conntrack with relevant ip: echo "1" > /proc/sys/net/netfilter/nf_conntrack_acct cat /proc/net/nf_conntrack | grep -i See counters (packets=.*) advancing while tuples were offloaded: ipv4 2 tcp 6 src=1.1.1.2 dst=1.1.1.3 sport=56394 dport=5001 packets=2 bytes=112 src=1.1.1.3 dst=1.1.1.2 sport=5001 dport=56394 packets=1777 bytes=665340 [HW_OFFLOAD] mark=0 zone=0 use=3 * What it could break. Nothing.
[Kernel-packages] [Bug 2008136] Re: netfilter: flowtable: add counter support in HW offload
** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2008136 Title: netfilter: flowtable: add counter support in HW offload Status in linux-bluefield package in Ubuntu: New Status in linux-bluefield source package in Focal: Fix Committed Bug description: * Explain the bug(s) While conntrack tuples are offloaded to hardware and conntrack packet accounting is enabled, offloaded packets aren't counted. * Brief explanation of fixes Cherry-pick. No adaptation. First commit for SW, second commit of HW offloaded rules. ef803b3cf96a netfilter: flowtable: add counter support in HW offload 9312eabab4a6 netfilter: conntrack: add nf_ct_acct_add() note: need to change a little due to cherry-pick conflict with 24384e28586c netfilter: flowtable: Set offload timeouts according to proto values * How to test Create OVS bridge with 2 devices mlx5 rep devices. Enable HW offload and configure regular connection tracking OpenFlow rules: e.g: ovs-ofctl del-flows br-ovs ovs-ofctl add-flow br-ovs arp,actions=normal ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal" Run a TCP connection, e.g: on mlx5 VF1 iperf -s on mlx5 VF2 iperf -c -t 10 Optional: In different terminal, while traffic is running, check for offload: tcpdump -nnepi tcp and see no iperf tcp packets. Dump conntrack with relevant ip: echo "1" > /proc/sys/net/netfilter/nf_conntrack_acct cat /proc/net/nf_conntrack | grep -i See counters (packets=.*) advancing while tuples were offloaded: ipv4 2 tcp 6 src=1.1.1.2 dst=1.1.1.3 sport=56394 dport=5001 packets=2 bytes=112 src=1.1.1.3 dst=1.1.1.2 sport=5001 dport=56394 packets=1777 bytes=665340 [HW_OFFLOAD] mark=0 zone=0 use=3 * What it could break. Nothing. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2008136/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2008136] Re: netfilter: flowtable: add counter support in HW offload
** Description changed: * Explain the bug(s) While conntrack tuples are offloaded to hardware and conntrack packet accounting is enabled, offloaded packets aren't counted. * Brief explanation of fixes Cherry-pick. No adaptation. First commit for SW, second commit of HW offloaded rules. ef803b3cf96a netfilter: flowtable: add counter support in HW offload 9312eabab4a6 netfilter: conntrack: add nf_ct_acct_add() note: need to change a little due to cherry-pick conflict with 24384e28586c netfilter: flowtable: Set offload timeouts according to proto values * How to test Create OVS bridge with 2 devices mlx5 rep devices. Enable HW offload and configure regular connection tracking OpenFlow rules: e.g: ovs-ofctl del-flows br-ovs ovs-ofctl add-flow br-ovs arp,actions=normal ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal" Run a TCP connection, e.g: on mlx5 VF1 iperf -s on mlx5 VF2 iperf -c -t 10 Optional: In different terminal, while traffic is running, check for offload: tcpdump -nnepi tcp and see no iperf tcp packets. Dump conntrack with relevant ip: + echo "1" > /proc/sys/net/netfilter/nf_conntrack_acct cat /proc/net/nf_conntrack | grep -i See counters (packets=.*) advancing while tuples were offloaded: ipv4 2 tcp 6 src=1.1.1.2 dst=1.1.1.3 sport=56394 dport=5001 packets=2 bytes=112 src=1.1.1.3 dst=1.1.1.2 sport=5001 dport=56394 packets=1777 bytes=665340 [HW_OFFLOAD] mark=0 zone=0 use=3 * What it could break. Nothing. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2008136 Title: netfilter: flowtable: add counter support in HW offload Status in linux-bluefield package in Ubuntu: New Status in linux-bluefield source package in Focal: Fix Committed Bug description: * Explain the bug(s) While conntrack tuples are offloaded to hardware and conntrack packet accounting is enabled, offloaded packets aren't counted. * Brief explanation of fixes Cherry-pick. No adaptation. First commit for SW, second commit of HW offloaded rules. ef803b3cf96a netfilter: flowtable: add counter support in HW offload 9312eabab4a6 netfilter: conntrack: add nf_ct_acct_add() note: need to change a little due to cherry-pick conflict with 24384e28586c netfilter: flowtable: Set offload timeouts according to proto values * How to test Create OVS bridge with 2 devices mlx5 rep devices. Enable HW offload and configure regular connection tracking OpenFlow rules: e.g: ovs-ofctl del-flows br-ovs ovs-ofctl add-flow br-ovs arp,actions=normal ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal" Run a TCP connection, e.g: on mlx5 VF1 iperf -s on mlx5 VF2 iperf -c -t 10 Optional: In different terminal, while traffic is running, check for offload: tcpdump -nnepi tcp and see no iperf tcp packets. Dump conntrack with relevant ip: echo "1" > /proc/sys/net/netfilter/nf_conntrack_acct cat /proc/net/nf_conntrack | grep -i See counters (packets=.*) advancing while tuples were offloaded: ipv4 2 tcp 6 src=1.1.1.2 dst=1.1.1.3 sport=56394 dport=5001 packets=2 bytes=112 src=1.1.1.3 dst=1.1.1.2 sport=5001 dport=56394 packets=1777 bytes=665340 [HW_OFFLOAD] mark=0 zone=0 use=3 * What it could break. Nothing. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2008136/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2008136] Re: netfilter: flowtable: add counter support in HW offload
This bug is awaiting verification that the linux-bluefield/5.4.0-1060.66 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-focal-linux-bluefield verification-needed-focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2008136 Title: netfilter: flowtable: add counter support in HW offload Status in linux-bluefield package in Ubuntu: New Status in linux-bluefield source package in Focal: Fix Committed Bug description: * Explain the bug(s) While conntrack tuples are offloaded to hardware and conntrack packet accounting is enabled, offloaded packets aren't counted. * Brief explanation of fixes Cherry-pick. No adaptation. First commit for SW, second commit of HW offloaded rules. ef803b3cf96a netfilter: flowtable: add counter support in HW offload 9312eabab4a6 netfilter: conntrack: add nf_ct_acct_add() note: need to change a little due to cherry-pick conflict with 24384e28586c netfilter: flowtable: Set offload timeouts according to proto values * How to test Create OVS bridge with 2 devices mlx5 rep devices. Enable HW offload and configure regular connection tracking OpenFlow rules: e.g: ovs-ofctl del-flows br-ovs ovs-ofctl add-flow br-ovs arp,actions=normal ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal" Run a TCP connection, e.g: on mlx5 VF1 iperf -s on mlx5 VF2 iperf -c -t 10 Optional: In different terminal, while traffic is running, check for offload: tcpdump -nnepi tcp and see no iperf tcp packets. Dump conntrack with relevant ip: cat /proc/net/nf_conntrack | grep -i See counters (packets=.*) advancing while tuples were offloaded: ipv4 2 tcp 6 src=1.1.1.2 dst=1.1.1.3 sport=56394 dport=5001 packets=2 bytes=112 src=1.1.1.3 dst=1.1.1.2 sport=5001 dport=56394 packets=1777 bytes=665340 [HW_OFFLOAD] mark=0 zone=0 use=3 * What it could break. Nothing. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2008136/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2008136] Re: netfilter: flowtable: add counter support in HW offload
** Changed in: linux-bluefield (Ubuntu Focal) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2008136 Title: netfilter: flowtable: add counter support in HW offload Status in linux-bluefield package in Ubuntu: New Status in linux-bluefield source package in Focal: Fix Committed Bug description: * Explain the bug(s) While conntrack tuples are offloaded to hardware and conntrack packet accounting is enabled, offloaded packets aren't counted. * Brief explanation of fixes Cherry-pick. No adaptation. First commit for SW, second commit of HW offloaded rules. ef803b3cf96a netfilter: flowtable: add counter support in HW offload 9312eabab4a6 netfilter: conntrack: add nf_ct_acct_add() note: need to change a little due to cherry-pick conflict with 24384e28586c netfilter: flowtable: Set offload timeouts according to proto values * How to test Create OVS bridge with 2 devices mlx5 rep devices. Enable HW offload and configure regular connection tracking OpenFlow rules: e.g: ovs-ofctl del-flows br-ovs ovs-ofctl add-flow br-ovs arp,actions=normal ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal" Run a TCP connection, e.g: on mlx5 VF1 iperf -s on mlx5 VF2 iperf -c -t 10 Optional: In different terminal, while traffic is running, check for offload: tcpdump -nnepi tcp and see no iperf tcp packets. Dump conntrack with relevant ip: cat /proc/net/nf_conntrack | grep -i See counters (packets=.*) advancing while tuples were offloaded: ipv4 2 tcp 6 src=1.1.1.2 dst=1.1.1.3 sport=56394 dport=5001 packets=2 bytes=112 src=1.1.1.3 dst=1.1.1.2 sport=5001 dport=56394 packets=1777 bytes=665340 [HW_OFFLOAD] mark=0 zone=0 use=3 * What it could break. Nothing. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2008136/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2008136] Re: netfilter: flowtable: add counter support in HW offload
** Changed in: linux-bluefield (Ubuntu Focal) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2008136 Title: netfilter: flowtable: add counter support in HW offload Status in linux-bluefield package in Ubuntu: New Status in linux-bluefield source package in Focal: In Progress Bug description: * Explain the bug(s) While conntrack tuples are offloaded to hardware and conntrack packet accounting is enabled, offloaded packets aren't counted. * Brief explanation of fixes Cherry-pick. No adaptation. First commit for SW, second commit of HW offloaded rules. ef803b3cf96a netfilter: flowtable: add counter support in HW offload 9312eabab4a6 netfilter: conntrack: add nf_ct_acct_add() note: need to change a little due to cherry-pick conflict with 24384e28586c netfilter: flowtable: Set offload timeouts according to proto values * How to test Create OVS bridge with 2 devices mlx5 rep devices. Enable HW offload and configure regular connection tracking OpenFlow rules: e.g: ovs-ofctl del-flows br-ovs ovs-ofctl add-flow br-ovs arp,actions=normal ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal" Run a TCP connection, e.g: on mlx5 VF1 iperf -s on mlx5 VF2 iperf -c -t 10 Optional: In different terminal, while traffic is running, check for offload: tcpdump -nnepi tcp and see no iperf tcp packets. Dump conntrack with relevant ip: cat /proc/net/nf_conntrack | grep -i See counters (packets=.*) advancing while tuples were offloaded: ipv4 2 tcp 6 src=1.1.1.2 dst=1.1.1.3 sport=56394 dport=5001 packets=2 bytes=112 src=1.1.1.3 dst=1.1.1.2 sport=5001 dport=56394 packets=1777 bytes=665340 [HW_OFFLOAD] mark=0 zone=0 use=3 * What it could break. Nothing. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2008136/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2008136] Re: netfilter: flowtable: add counter support in HW offload
** Changed in: linux-bluefield (Ubuntu Focal) Status: In Progress => Confirmed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2008136 Title: netfilter: flowtable: add counter support in HW offload Status in linux-bluefield package in Ubuntu: New Status in linux-bluefield source package in Focal: Confirmed Bug description: * Explain the bug(s) While conntrack tuples are offloaded to hardware and conntrack packet accounting is enabled, offloaded packets aren't counted. * Brief explanation of fixes Cherry-pick. No adaptation. First commit for SW, second commit of HW offloaded rules. ef803b3cf96a netfilter: flowtable: add counter support in HW offload 9312eabab4a6 netfilter: conntrack: add nf_ct_acct_add() note: need to change a little due to cherry-pick conflict with 24384e28586c netfilter: flowtable: Set offload timeouts according to proto values * How to test Create OVS bridge with 2 devices mlx5 rep devices. Enable HW offload and configure regular connection tracking OpenFlow rules: e.g: ovs-ofctl del-flows br-ovs ovs-ofctl add-flow br-ovs arp,actions=normal ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal" Run a TCP connection, e.g: on mlx5 VF1 iperf -s on mlx5 VF2 iperf -c -t 10 Optional: In different terminal, while traffic is running, check for offload: tcpdump -nnepi tcp and see no iperf tcp packets. Dump conntrack with relevant ip: cat /proc/net/nf_conntrack | grep -i See counters (packets=.*) advancing while tuples were offloaded: ipv4 2 tcp 6 src=1.1.1.2 dst=1.1.1.3 sport=56394 dport=5001 packets=2 bytes=112 src=1.1.1.3 dst=1.1.1.2 sport=5001 dport=56394 packets=1777 bytes=665340 [HW_OFFLOAD] mark=0 zone=0 use=3 * What it could break. Nothing. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2008136/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2008136] Re: netfilter: flowtable: add counter support in HW offload
** Also affects: linux-bluefield (Ubuntu Focal) Importance: Undecided Status: New ** Changed in: linux-bluefield (Ubuntu Focal) Importance: Undecided => Medium ** Changed in: linux-bluefield (Ubuntu Focal) Status: New => In Progress ** Changed in: linux-bluefield (Ubuntu Focal) Assignee: (unassigned) => William Tu (wtu) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2008136 Title: netfilter: flowtable: add counter support in HW offload Status in linux-bluefield package in Ubuntu: New Status in linux-bluefield source package in Focal: In Progress Bug description: * Explain the bug(s) While conntrack tuples are offloaded to hardware and conntrack packet accounting is enabled, offloaded packets aren't counted. * Brief explanation of fixes Cherry-pick. No adaptation. First commit for SW, second commit of HW offloaded rules. ef803b3cf96a netfilter: flowtable: add counter support in HW offload 9312eabab4a6 netfilter: conntrack: add nf_ct_acct_add() note: need to change a little due to cherry-pick conflict with 24384e28586c netfilter: flowtable: Set offload timeouts according to proto values * How to test Create OVS bridge with 2 devices mlx5 rep devices. Enable HW offload and configure regular connection tracking OpenFlow rules: e.g: ovs-ofctl del-flows br-ovs ovs-ofctl add-flow br-ovs arp,actions=normal ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal" Run a TCP connection, e.g: on mlx5 VF1 iperf -s on mlx5 VF2 iperf -c -t 10 Optional: In different terminal, while traffic is running, check for offload: tcpdump -nnepi tcp and see no iperf tcp packets. Dump conntrack with relevant ip: cat /proc/net/nf_conntrack | grep -i See counters (packets=.*) advancing while tuples were offloaded: ipv4 2 tcp 6 src=1.1.1.2 dst=1.1.1.3 sport=56394 dport=5001 packets=2 bytes=112 src=1.1.1.3 dst=1.1.1.2 sport=5001 dport=56394 packets=1777 bytes=665340 [HW_OFFLOAD] mark=0 zone=0 use=3 * What it could break. Nothing. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2008136/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
