[Kernel-packages] [Bug 2059961] Re: genetlink: fix single op policy dump when do is present
** Tags removed: verification-needed-jammy-linux-bluefield ** Tags added: verification-done-jammy-linux-bluefield -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2059961 Title: genetlink: fix single op policy dump when do is present Status in linux-bluefield package in Ubuntu: New Status in linux-bluefield source package in Jammy: Fix Committed Bug description: intro - Our internal test triggers a kernel crash dump below [ 888.690348] Sun Mar 24 23:51:59 2024: DriVerTest - Start Test [ 888.691834] [ 888.983912] mlx5_core :08:00.1 eth3: Link up [ 888.987644] IPv6: ADDRCONF(NETDEV_CHANGE): eth3: link becomes ready [ 889.336577] mlx5_core :08:00.0 eth2: Link up [ 894.635836] Sun Mar 24 11:52:04 PM IST 2024 - DriVerTest Debug Heartbeat [ 940.431644] general protection fault, probably for non-canonical address 0x80020014: [#1] SMP NOPTI [ 940.432866] CPU: 7 PID: 94305 Comm: ethtool Tainted: G OE 5.15.0-1039.17.g0d63875-bluefield #1 [ 940.433970] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [ 940.435220] RIP: 0010:netlink_policy_dump_add_policy+0x95/0x160 [ 940.435893] Code: 48 c1 e0 04 4c 8b 34 01 4d 85 f6 74 5b 31 db eb 10 4c 89 e8 83 c3 01 48 c1 e0 04 39 5c 01 08 72 3f 89 d8 48 c1 e0 04 4c 01 f0 <0f> b6 10 83 ea 08 83 fa 01 77 dc 0f b7 50 02 48 8b 70 08 48 8d 7c [ 940.437921] RSP: 0018:ffa002d37a08 EFLAGS: 00010286 [ 940.438551] RAX: 80020014 RBX: RCX: ff1100027d00 [ 940.439351] RDX: fff8 RSI: 0018 RDI: ffa002d37a10 [ 940.440131] RBP: 0003 R08: 0040 R09: ff1100027d2d0f10 [ 940.440900] R10: 0318 R11: R12: ff1100011fa59bc0 [ 940.441683] R13: 0004 R14: 80020014 R15: 83fa6540 [ 940.442459] FS: 7f4a17993740() GS:ff1100085f9c() knlGS: [ 940.443394] CS: 0010 DS: ES: CR0: 80050033 [ 940.444044] CR2: 00429f50 CR3: 00012fc2e002 CR4: 00771ee0 [ 940.444847] DR0: DR1: DR2: [ 940.445639] DR3: DR6: fffe0ff0 DR7: 0400 [ 940.446431] PKRU: 5554 [ 940.446795] Call Trace: [ 940.447144] [ 940.447444] ? __die_body+0x1b/0x60 [ 940.447880] ? die_addr+0x39/0x60 [ 940.448315] ? exc_general_protection+0x1bc/0x3c0 [ 940.448867] ? asm_exc_general_protection+0x22/0x30 [ 940.449445] ? netlink_policy_dump_add_policy+0x95/0x160 [ 940.450058] ? netlink_policy_dump_add_policy+0xb2/0x160 [ 940.450714] ? ethtool_get_phc_vclocks+0x70/0x70 [ 940.451272] ctrl_dumppolicy_start+0xc4/0x2a0 [ 940.451788] ? ethnl_reply_init+0xd0/0xd0 [ 940.452284] ? __nla_parse+0x22/0x30 [ 940.452734] ? __cond_resched+0x15/0x30 [ 940.453211] ? kmem_cache_alloc_trace+0x44/0x390 [ 940.453750] genl_start+0xc3/0x150 [ 940.454179] __netlink_dump_start+0x175/0x250 [ 940.454706] genl_family_rcv_msg_dumpit.isra.0+0x9a/0x100 [ 940.455334] ? genl_family_rcv_msg_attrs_parse.isra.0+0xe0/0xe0 [ 940.455998] ? genl_unlock+0x20/0x20 [ 940.456453] ? genl_parallel_done+0x40/0x40 [ 940.456957] genl_rcv_msg+0x11f/0x2b0 [ 940.457421] ? genl_get_cmd+0x170/0x170 [ 940.457890] ? ctrl_dumppolicy_put_op.isra.0+0x1e0/0x1e0 [ 940.458515] ? genl_lock_done+0x60/0x60 [ 940.458987] ? genl_family_rcv_msg_doit.isra.0+0x110/0x110 [ 940.459634] netlink_rcv_skb+0x54/0x100 [ 940.460107] genl_rcv+0x24/0x40 [ 940.460504] netlink_unicast+0x18d/0x230 [ 940.460983] netlink_sendmsg+0x240/0x4a0 [ 940.461472] __sock_sendmsg+0x2f/0x40 [ 940.461922] __sys_sendto+0xee/0x160 [ 940.462384] ? __sys_recvmsg+0x56/0xa0 [ 940.462854] ? exit_to_user_mode_prepare+0x35/0x170 [ 940.463439] __x64_sys_sendto+0x25/0x30 [ 940.463906] do_syscall_64+0x35/0x80 [ 940.464368] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 940.464955] RIP: 0033:0x7f4a17aa940a [ 940.465415] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89 [ 940.467418] RSP: 002b:7ffc3612cac8 EFLAGS: 0246 ORIG_RAX: 002c [ 940.468284] RAX: ffda RBX: 00c3b3b0 RCX: 7f4a17aa940a [ 940.469057] RDX: 0024 RSI: 00c3b3b0 RDI: 0003 [ 940.469852] RBP: 00c3b2a0 R08: 7f4a17ba4200 R09: 000c [
[Kernel-packages] [Bug 2053155] Re: Add DPLL and syncE support
** Tags removed: verification-needed-jammy-linux-bluefield ** Tags added: verification-done-jammy-linux-bluefield -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2053155 Title: Add DPLL and syncE support Status in linux-bluefield package in Ubuntu: Invalid Status in linux-bluefield source package in Jammy: Fix Committed Bug description: * intro Synchronous Ethernet, or SyncE, is an ITU-T standard for computer networking that facilitates the transference of clock signals over the Ethernet physical layer. It is used to pass timing from node to node and is particularly important for mobile networks. The DPLL subsystem in the Linux kernel provides a general interface for configuring devices that use any kind of Digital PLL. This subsystem is designed to manage the clock signal synchronization of a device with an external clock signal. * Explain the bug(s) We need to support mlx5 SyncE feature. The following patches are needed. [net-next,v8,0/9] Create common DPLL configuration API [net-next,v8,1/9] dpll: documentation on DPLL subsystem interface [net-next,v8,2/9] dpll: spec: Add Netlink spec in YAML [net-next,v8,3/9] dpll: core: Add DPLL framework base functions [net-next,v8,4/9] dpll: netlink: Add DPLL framework base functions [net-next,v8,5/9] netdev: expose DPLL pin handle for netdevice [net-next,v8,6/9] ice: add admin commands to access cgu configuration [net-next,v8,7/9] ice: implement dpll interface to control cgu [net-next,v8,8/9] ptp_ocp: implement DPLL ops [net-next,v8,9/9] mlx5: Implement SyncE support using DPLL infrastructure https://lore.kernel.org/netdev/20230913204943.1051233-1-vadim.fedore...@linux.dev/ * Brief explanation of fixes We identify several dependent patches, especially related to netlink gap between current master-next. We cherry-pick/backport series of patches related to netlink. * How to test $ sudo ./tools/net/ynl/cli.py --spec Documentation/netlink/specs/dpll.yaml \ --dump device-get ex: root@bfqa-dell013-roy-oob:~/mlnx-ofa_kernel-4.0# /root/tools-net/ynl/cli.py --spec ~/netlink/specs/dpll.yaml --dump device-get [{'clock-id': 5237736944144095348, 'id': 0, 'lock-status': 'unlocked', 'mode': 'manual', 'mode-supported': ['manual'], 'module-name': 'mlx5_core', 'type': 'eec'}] $ sudo ./tools/net/ynl/cli.py --spec Documentation/netlink/specs/dpll.yaml \ --do pin-get ex: root@bfqa-dell013-roy-oob:~# /root/tools-net/ynl/cli.py --spec ~/netlink/specs/dpll.yaml --dump pin-get [{'capabilities': 4, 'clock-id': 5237736944144095348, 'id': 0, 'module-name': 'mlx5_core', 'parent-device': [{'direction': 'input', 'parent-id': 0, 'state': 'disconnected'}], 'phase-adjust-max': 0, 'phase-adjust-min': 0, 'type': 'synce-eth-port'}, {'capabilities': 4, 'clock-id': 5237736944144095348, 'id': 1, 'module-name': 'mlx5_core', 'parent-device': [{'direction': 'input', 'parent-id': 0, 'state': 'disconnected'}], 'phase-adjust-max': 0, 'phase-adjust-min': 0, 'type': 'synce-eth-port'}] * detect whether your device supports DPLL/SyncE root@bfqa-dell013-roy-oob:~/linux-bluefield-jammy# mlxreg -d 03:00.0 --reg_name MCAM --get -i "access_reg_group=2,feature_group=0" Field Name| Data === access_reg_group | 0x0002 feature_group | 0x mng_access_reg_cap_mask[0]| 0x0004 mng_access_reg_cap_mask[1]| 0x0060 --> must see 6 OR, $ mlxfwmanager showing “Enhanced-SyncE & PTP GM support”, * list of patches applied to 5.15 jammy based on 911f816f4c04 mlxbf_gige: fix receive packet race condition we applied the following 83a11d94c436 UBUNTU: SAUCE: fix build error after resv_start_op 036b2fecd315 genetlink: allow families to use split ops directly 9f40a82f73ea genetlink: inline old iteration helpers d8ae137b98fc genetlink: use iterator in the op to policy map dumping 095792a3a723 genetlink: add iterator for walking family ops 764747ba0085 genetlink: limit the use of validation workarounds to old ops 35b95f016392 genetlink: inline genl_get_cmd() c448680485e6 genetlink: support split policies in ctrl_dumppolicy_put_op() a17efffb8ce8 genetlink: add policies for both doit and dumpit in ctrl_dumppolicy_start() 82af441de2fa genetlink: check for callback type at op load time dc17c9675d6d genetlink: load policy based on validation flags d867b1e130d3 genetlink: move the private fields in struct genl_family b515a3664ef5 genetlink: piggy back on resv_op to default to a reject policy 1fa6e0ec60a4 genetlink: refactor the cmd <> policy mapping dump c8ba54011c1d netlink: add helpers for
[Kernel-packages] [Bug 2056364] Re: Add test script for DPLL
** Tags removed: verification-needed-jammy-linux-bluefield ** Tags added: verification-done-jammy-linux-bluefield -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2056364 Title: Add test script for DPLL Status in linux-bluefield package in Ubuntu: New Status in linux-bluefield source package in Jammy: Fix Committed Bug description: * intro In bug 2053155 "Add DPLL and syncE support" below: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2053155 It requires using a yaml spec file, dpll.yaml, and a python script, cli.py, to verify the correctness. ex: $ sudo ./tools/net/ynl/cli.py --spec Documentation/netlink/specs/dpll.yaml \ --dump device-get We've found that the script and spec file are missing in current repo (Ubuntu-bluefield-5.15.0-1037.39). * how to fix Since the existing Bluefield-5.15 doesn't have the tools/net/ynl directory, the efforts to cherry-pick all individual patches shouldn't be too hard due to no dependencies and most likely no conflict, but there are around 200 patches in tools/net/ynl $ git log --oneline tools/net/ynl/ | wc -l 205 and for Documentation/netlink/genetlink.yaml (a dependent file for dpll.yaml) $ git log --oneline Documentation/netlink/genetlink.yaml | wc -l 15 So we decided to just create a new patch consisting all the required files, shown below: create mode 100644 Documentation/netlink/genetlink.yaml create mode 100644 tools/net/ynl/cli.py create mode 100644 tools/net/ynl/lib/__init__.py create mode 100644 tools/net/ynl/lib/nlspec.py create mode 100644 tools/net/ynl/lib/ynl.py To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2056364/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2056718] Re: openvswitch gentling validation warning: missing .resv_start_op
** Tags removed: verification-needed-jammy-linux-bluefield ** Tags added: verification-done-jammy-linux-bluefield -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2056718 Title: openvswitch gentling validation warning: missing .resv_start_op Status in linux-bluefield package in Ubuntu: New Status in linux-bluefield source package in Jammy: Fix Committed Bug description: Intro: == When hit a kernel warning when loading openvswitch kernel module. Digging into the source code, we found it's due to the code snippet if (WARN_ON(i.cmd >= family->resv_start_op && (i.doit.validate || i.dumpit.validate))) return -EINVAL; in the gene_validate_ops() in net/netlink/genetlink.c, introduced in 108880a07bab genetlink: add iterator for walking family ops from buglink about DPLL/SynCE https://bugs.launchpad.net/bugs/2053155 How to fix: === We need to cherry-pick the missing patch Fixes: e4ba4554209f ("net: openvswitch: add missing .resv_start_op") Author: Jakub Kicinski Date: Thu Oct 27 20:25:01 2022 -0700 net: openvswitch: add missing .resv_start_op I missed one of the families in OvS when annotating .resv_start_op. This triggers the warning added in commit ce48ebdd5651 ("genetlink: limit the use of validation workarounds to old ops"). Reported-by: syzbot+40eb8c0447c0e47a7...@syzkaller.appspotmail.com Fixes: 9c5d03d36251 ("genetlink: start to validate reserved header bytes") Link: https://lore.kernel.org/r/20221028032501.2724270-1-k...@kernel.org Signed-off-by: Jakub Kicinski Thanks! How to reproduce: = simply load the openvswitch.ko and dmesg [ 1083.518212] WARNING: CPU: 2 PID: 17269 at net/netlink/genetlink.c:554 genl_validate_ops+0x134/0x254 ... [ 1083.518306] CPU: 2 PID: 17269 Comm: modprobe Tainted: GW OE 5.15.0-1037.39.10.g319565b-bluefield #g319565b [ 1083.518309] Hardware name: https://www.mellanox.com BlueField SoC/BlueField SoC, BIOS 4.7.0.13056 Feb 28 2024 [ 1083.518311] pstate: 0049 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 1083.518313] pc : genl_validate_ops+0x134/0x254 [ 1083.518315] lr : genl_validate_ops+0x68/0x254 [ 1083.518317] sp : 8a773810 [ 1083.518318] x29: 8a773810 x28: 8a773ba0 x27: b1ea36f87318 [ 1083.518321] x26: b1ea36f8cd20 x25: 0001 x24: b1ea36f8cda8 [ 1083.518323] x23: x22: 0001 x21: b1ea36f87210 [ 1083.518325] x20: b1ea36f8b410 x19: 0001 x18: [ 1083.518328] x17: 000d00020008 x16: b1ea4b70c2d0 x15: 003c00010006 [ 1083.518330] x14: 68746170 x13: x12: 0001 [ 1083.518332] x11: x10: x9 : b1ea4b709a5c [ 1083.518335] x8 : x7 : x6 : b1ea4d4218c0 [ 1083.518337] x5 : 0004 x4 : x3 : 0001 [ 1083.518339] x2 : x1 : x0 : 0003 [ 1083.518341] Call trace: [ 1083.518343] genl_validate_ops+0x134/0x254 [ 1083.518344] genl_register_family+0x30/0x1f4 [ 1083.518347] dp_init+0xd4/0x174 [openvswitch] [ 1083.518360] do_one_initcall+0x4c/0x250 [ 1083.518364] do_init_module+0x50/0x260 [ 1083.518368] load_module+0x9fc/0xbe0 [ 1083.518370] __do_sys_finit_module+0xa8/0x114 [ 1083.518372] __arm64_sys_finit_module+0x28/0x3c [ 1083.518375] invoke_syscall+0x78/0x100 [ 1083.518379] el0_svc_common.constprop.0+0x54/0x184 [ 1083.518381] do_el0_svc+0x30/0xac [ 1083.518383] el0_svc+0x48/0x160 [ 1083.518387] el0t_64_sync_handler+0xa4/0x12c [ 1083.518390] el0t_64_sync+0x1a4/0x1a8 [ 1083.518392] ---[ end trace ec4279298c2ae7be ]--- [ 1083.830668] openvswitch: Open vSwitch switching datapath To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2056718/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2044427] Re: Kernel panic in restart driver after configuring IPsec full offload
** Tags removed: verification-needed-jammy-linux-bluefield ** Tags added: verification-done-jammy-linux-bluefield -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2044427 Title: Kernel panic in restart driver after configuring IPsec full offload Status in linux-bluefield package in Ubuntu: Invalid Status in linux-bluefield source package in Jammy: Fix Committed Bug description: Bug description: Restarting the driver with IPsec full offload transparent mode configuration causes kernel panic. Kernel version is linux-bluefield 5.15 Test step: 1) configure xfrm rules 2) configure VF 3) configure FW steering mode 4) restart driver 5) check dmesg Test result: [ 937.989359] [ cut here ] [ 937.989786] WARNING: CPU: 11 PID: 60463 at /tmp/23.10-0.1.8/6.5.0-rc6_mlnx/fedora_32/mlnx-ofa_kernel/BUILD/mlnx-ofa_kernel-23.10/obj/default/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c:1828 mlx5e_accel_ipsec_fs_cleanup+0x298/0x2b0 [mlx5_core] [ 937.991650] Modules linked in: esp4_offload esp4 esp6_offload esp6 act_tunnel_key vxlan act_mirred act_skbedit cls_matchall act_gact cls_flower sch_ingress vringh vhost_iotlb udp_diag tcp_diag inet_diag iptable_raw mst_pciconf(OE) bonding ip6_gre ip6_tunnel tunnel6 vfio_pci vfio_pci_core vfio_iommu_type1 vfio ipip tunnel4 geneve ip6_udp_tunnel udp_tunnel ip_gre ip_tunnel gre rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) ib_uverbs(OE) mlx5_core(OE-) mlxdevm(OE) ib_core(OE) mlx_compat(OE) mlxfw(OE) memtrack(OE) pci_hyperv_intf openvswitch nsh nf_conncount nfsv3 nfs_acl rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_filter iptable_nat nf_nat br_netfilter bridge stp llc rfkill overlay kvm_intel sch_fq_codel kvm iTCO_wdt irqbypass iTCO_vendor_support crc32_pclmul pcspkr ghash_clmulni_intel i2c_i801 lpc_ich sha512_ssse3 i2c_smbus mfd_core sunrpc drm i2c_ core ip_tables crc32c_intel serio_raw [ 937.991698] fuse virtio_net net_failover failover [last unloaded: vdpa] [ 937.999155] CPU: 11 PID: 60463 Comm: modprobe Tainted: G OE 6.5.0-rc6_mlnx #1 [ 937.999891] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [ 938.000823] RIP: 0010:mlx5e_accel_ipsec_fs_cleanup+0x298/0x2b0 [mlx5_core] [ 938.001459] Code: f6 45 31 c0 48 89 ea 31 ff e8 d4 d5 df ff 59 e9 8c fe ff ff c3 0f 0b e9 3b fe ff ff 0f 0b e9 e8 fd ff ff 0f 0b e9 07 fe ff ff <0f> 0b e9 65 fe ff ff 0f 0b e9 82 fe ff ff 66 2e 0f 1f 84 00 00 00 [ 938.002949] RSP: 0018:c90001183c08 EFLAGS: 00010202 [ 938.003418] RAX: RBX: 8882f3869c00 RCX: 0001 [ 938.004024] RDX: 82a305c0 RSI: 0002 RDI: 888103aa2b30 [ 938.004624] RBP: 888103aa2d80 R08: 0001 R09: 888100042800 [ 938.005238] R10: 0002 R11: c90001183ba8 R12: 8881312e6800 [ 938.005836] R13: 8881127401a0 R14: 8881312e6800 R15: 888148bbd160 [ 938.006444] FS: 7fd22b82c740() GS:5fac() knlGS: [ 938.009456] CS: 0010 DS: ES: CR0: 80050033 [ 938.009970] CR2: 7f26ca697000 CR3: 00012e73f003 CR4: 00770ee0 [ 938.010568] DR0: DR1: DR2: [ 938.011173] DR3: DR6: fffe0ff0 DR7: 0400 [ 938.011772] PKRU: 5554 [ 938.012065] Call Trace: [ 938.012333] [ 938.012583] ? __warn+0x7d/0x120 [ 938.012921] ? mlx5e_accel_ipsec_fs_cleanup+0x298/0x2b0 [mlx5_core] [ 938.013494] ? report_bug+0xf1/0x1c0 [ 938.013850] ? handle_bug+0x44/0x70 [ 938.014201] ? exc_invalid_op+0x13/0x60 [ 938.014568] ? asm_exc_invalid_op+0x16/0x20 [ 938.014970] ? mlx5e_accel_ipsec_fs_cleanup+0x298/0x2b0 [mlx5_core] [ 938.015532] ? mlx5e_accel_ipsec_fs_cleanup+0xf2/0x2b0 [mlx5_core] [ 938.016093] mlx5e_ipsec_cleanup+0x1e/0x100 [mlx5_core] [ 938.016594] mlx5e_detach_netdev+0x46/0x80 [mlx5_core] [ 938.017098] mlx5e_vport_rep_unload+0x147/0x1a0 [mlx5_core] [ 938.017623] mlx5_eswitch_unregister_vport_reps+0x13e/0x190 [mlx5_core] [ 938.018221] auxiliary_bus_remove+0x18/0x30 [ 938.018616] device_release_driver_internal+0xaa/0x130 [ 938.019076] bus_remove_device+0xc3/0x130 [ 938.019451] device_del+0x157/0x380 [ 938.019792] ? kobject_put+0xb3/0x200 [ 938.020153] delete_drivers+0x72/0xa0 [mlx5_core] [ 938.020608] mlx5_unregister_device+0x34/0x70 [mlx5_core] [ 938.021113] mlx5_uninit_one+0x25/0x130 [mlx5_core] [ 938.021572] remove_one+0x72/0xc0 [mlx5_core] [ 938.022002]
[Kernel-packages] [Bug 2044427] [NEW] Kernel panic in restart driver after configuring IPsec full offload
Public bug reported: Bug description: Restarting the driver with IPsec full offload transparent mode configuration causes kernel panic. Kernel version is linux-bluefield 5.15 Test step: 1) configure xfrm rules 2) configure VF 3) configure FW steering mode 4) restart driver 5) check dmesg Test result: [ 937.989359] [ cut here ] [ 937.989786] WARNING: CPU: 11 PID: 60463 at /tmp/23.10-0.1.8/6.5.0-rc6_mlnx/fedora_32/mlnx-ofa_kernel/BUILD/mlnx-ofa_kernel-23.10/obj/default/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c:1828 mlx5e_accel_ipsec_fs_cleanup+0x298/0x2b0 [mlx5_core] [ 937.991650] Modules linked in: esp4_offload esp4 esp6_offload esp6 act_tunnel_key vxlan act_mirred act_skbedit cls_matchall act_gact cls_flower sch_ingress vringh vhost_iotlb udp_diag tcp_diag inet_diag iptable_raw mst_pciconf(OE) bonding ip6_gre ip6_tunnel tunnel6 vfio_pci vfio_pci_core vfio_iommu_type1 vfio ipip tunnel4 geneve ip6_udp_tunnel udp_tunnel ip_gre ip_tunnel gre rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) ib_uverbs(OE) mlx5_core(OE-) mlxdevm(OE) ib_core(OE) mlx_compat(OE) mlxfw(OE) memtrack(OE) pci_hyperv_intf openvswitch nsh nf_conncount nfsv3 nfs_acl rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_filter iptable_nat nf_nat br_netfilter bridge stp llc rfkill overlay kvm_intel sch_fq_codel kvm iTCO_wdt irqbypass iTCO_vendor_support crc32_pclmul pcspkr ghash_clmulni_intel i2c_i801 lpc_ich sha512_ssse3 i2c_smbus mfd_core sunrpc drm i2c_co re ip_tables crc32c_intel serio_raw [ 937.991698] fuse virtio_net net_failover failover [last unloaded: vdpa] [ 937.999155] CPU: 11 PID: 60463 Comm: modprobe Tainted: G OE 6.5.0-rc6_mlnx #1 [ 937.999891] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [ 938.000823] RIP: 0010:mlx5e_accel_ipsec_fs_cleanup+0x298/0x2b0 [mlx5_core] [ 938.001459] Code: f6 45 31 c0 48 89 ea 31 ff e8 d4 d5 df ff 59 e9 8c fe ff ff c3 0f 0b e9 3b fe ff ff 0f 0b e9 e8 fd ff ff 0f 0b e9 07 fe ff ff <0f> 0b e9 65 fe ff ff 0f 0b e9 82 fe ff ff 66 2e 0f 1f 84 00 00 00 [ 938.002949] RSP: 0018:c90001183c08 EFLAGS: 00010202 [ 938.003418] RAX: RBX: 8882f3869c00 RCX: 0001 [ 938.004024] RDX: 82a305c0 RSI: 0002 RDI: 888103aa2b30 [ 938.004624] RBP: 888103aa2d80 R08: 0001 R09: 888100042800 [ 938.005238] R10: 0002 R11: c90001183ba8 R12: 8881312e6800 [ 938.005836] R13: 8881127401a0 R14: 8881312e6800 R15: 888148bbd160 [ 938.006444] FS: 7fd22b82c740() GS:5fac() knlGS: [ 938.009456] CS: 0010 DS: ES: CR0: 80050033 [ 938.009970] CR2: 7f26ca697000 CR3: 00012e73f003 CR4: 00770ee0 [ 938.010568] DR0: DR1: DR2: [ 938.011173] DR3: DR6: fffe0ff0 DR7: 0400 [ 938.011772] PKRU: 5554 [ 938.012065] Call Trace: [ 938.012333] [ 938.012583] ? __warn+0x7d/0x120 [ 938.012921] ? mlx5e_accel_ipsec_fs_cleanup+0x298/0x2b0 [mlx5_core] [ 938.013494] ? report_bug+0xf1/0x1c0 [ 938.013850] ? handle_bug+0x44/0x70 [ 938.014201] ? exc_invalid_op+0x13/0x60 [ 938.014568] ? asm_exc_invalid_op+0x16/0x20 [ 938.014970] ? mlx5e_accel_ipsec_fs_cleanup+0x298/0x2b0 [mlx5_core] [ 938.015532] ? mlx5e_accel_ipsec_fs_cleanup+0xf2/0x2b0 [mlx5_core] [ 938.016093] mlx5e_ipsec_cleanup+0x1e/0x100 [mlx5_core] [ 938.016594] mlx5e_detach_netdev+0x46/0x80 [mlx5_core] [ 938.017098] mlx5e_vport_rep_unload+0x147/0x1a0 [mlx5_core] [ 938.017623] mlx5_eswitch_unregister_vport_reps+0x13e/0x190 [mlx5_core] [ 938.018221] auxiliary_bus_remove+0x18/0x30 [ 938.018616] device_release_driver_internal+0xaa/0x130 [ 938.019076] bus_remove_device+0xc3/0x130 [ 938.019451] device_del+0x157/0x380 [ 938.019792] ? kobject_put+0xb3/0x200 [ 938.020153] delete_drivers+0x72/0xa0 [mlx5_core] [ 938.020608] mlx5_unregister_device+0x34/0x70 [mlx5_core] [ 938.021113] mlx5_uninit_one+0x25/0x130 [mlx5_core] [ 938.021572] remove_one+0x72/0xc0 [mlx5_core] [ 938.022002] pci_device_remove+0x31/0xb0 [ 938.022376] device_release_driver_internal+0xaa/0x130 [ 938.022827] driver_detach+0x3f/0x80 [ 938.023181] bus_remove_driver+0x69/0xe0 [ 938.023553] pci_unregister_driver+0x22/0x90 [ 938.023957] mlx5_cleanup+0xc/0x4c [mlx5_core] [ 938.024384] __x64_sys_delete_module+0x157/0x280 [ 938.024806] do_syscall_64+0x34/0x80 [ 938.025163] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 938.025616] RIP: 0033:0x7fd22b93812b [ 938.025969] Code: 73 01 c3 48 8b 0d 6d 0d 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 b0 00
[Kernel-packages] [Bug 2034578] Re: Support IPSEC full offload implementation
** Tags removed: verification-needed-jammy-linux-bluefield ** Tags added: verification-done-jammy-linux-bluefield -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2034578 Title: Support IPSEC full offload implementation Status in linux-bluefield package in Ubuntu: Invalid Status in linux-bluefield source package in Jammy: Fix Committed Bug description: Summary: Align Kernel IPsec Full offload implementation in the DPU to the upstream Full offload in all components: OFED, Strongswan, etc. This is in order for DPU Kernel IPsec to include policy offload and be fully aligned to what CX Kernel customers will use. How to test: Host 1 Enable sriov and set namespace. ip link set eth2 up echo '1' > /sys/class/net/eth2/device/sriov_numvfs ip netns add nt1 ip link set eth4 netns nt1 ip netns exec nt1 ifconfig eth4 11.11.11.1/24 up BF on host 1: Set steering mode to "dmfs". By default, it is "smfs" and not supported for now. /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.0 mode legacy echo 'dmfs' > /sys/bus/pci/devices/:03:00.0/net/p0/compat/devlink/steering_mode echo 'full' > /sys/class/net/p0/compat/devlink/ipsec_mode /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.0 mode switchdev /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.1 mode legacy echo 'dmfs' > /sys/bus/pci/devices/:03:00.1/net/p1/compat/devlink/steering_mode echo 'full' > /sys/class/net/p1/compat/devlink/ipsec_mode /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.1 mode switchdev IPSec configure /opt/mellanox/iproute2/sbin/ip xfrm policy add src 2.2.2.2 dst 2.2.2.3 offload packet dev p0 dir out tmpl src 2.2.2.2/16 dst 2.2.2.3/16 proto esp reqid 0xb29ed314 mode transport priority 12 /opt/mellanox/iproute2/sbin/ip xfrm policy add src 2.2.2.3 dst 2.2.2.2 offload packet dev p0 dir in tmpl src 2.2.2.3/16 dst 2.2.2.2/16 proto esp reqid 0xc35aa26e mode transport priority 12 /opt/mellanox/iproute2/sbin/ip xfrm state add src 2.2.2.2/16 dst 2.2.2.3/16 proto esp spi 0xb29ed314 reqid 0xb29ed314 mode transport aead 'rfc4106(gcm(aes))' 0x20f01f80a26f633d85617465686c32552c92c42f 128 offload packet dev p0 dir out sel src 2.2.2.2/16 dst 2.2.2.3/16 flag esn replay-window 64 /opt/mellanox/iproute2/sbin/ip xfrm state add src 2.2.2.3/16 dst 2.2.2.2/16 proto esp spi 0xc35aa26e reqid 0xc35aa26e mode transport aead 'rfc4106(gcm(aes))' 0x6cb228189b4c6e82e66e46920a2cde39187de4ba 128 offload packet dev p0 dir in sel src 2.2.2.3/16 dst 2.2.2.2/16 flag esn replay-window 64 OVS configure. Clear all bridges before configure if there's already default bridges in BF. ovs-vsctl set Open_vSwitch . other_config:hw-offload=false # need to restart ovs after setting this command ovs-vsctl add-br br-int ovs-vsctl add-port br-int pf0vf0 -- set interface pf0vf0 options:representor=[0] ovs-vsctl add-port br-int vxlan0 -- set interface vxlan0 type=vxlan options:key=100 options:local_ip=2.2.2.2 options:remote_ip=2.2.2.3 options:dst_port=4789 Configure IP ifconfig p0 2.2.2.2/16 up Host2: Enable sriov and set namespace. ip link set eth2 up echo '1' > /sys/class/net/eth2/device/sriov_numvfs ip netns add nt1 ip link set eth4 netns nt1 ip netns exec nt1 ifconfig eth4 11.11.11.2/24 up BF on host 2 Set steering mode /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.0 mode legacy echo 'dmfs' > /sys/bus/pci/devices/:03:00.0/net/p0/compat/devlink/steering_mode echo 'full' > /sys/class/net/p0/compat/devlink/ipsec_mode /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.0 mode switchdev /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.1 mode legacy echo 'dmfs' > /sys/bus/pci/devices/:03:00.1/net/p1/compat/devlink/steering_mode echo 'full' > /sys/class/net/p1/compat/devlink/ipsec_mode /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.1 mode switchdev IPSec configure /opt/mellanox/iproute2/sbin/ip xfrm policy add src 2.2.2.3 dst 2.2.2.2 offload packet dev p0 dir out tmpl src 2.2.2.3/16 dst 2.2.2.2/16 proto esp reqid 0xc35aa26e mode transport priority 12 /opt/mellanox/iproute2/sbin/ip xfrm policy add src 2.2.2.2 dst 2.2.2.3 offload packet dev p0 dir in tmpl src 2.2.2.2/16 dst 2.2.2.3/16 proto esp reqid 0xb29ed314 mode transport priority 12 /opt/mellanox/iproute2/sbin/ip xfrm state add src 2.2.2.3/16 dst 2.2.2.2/16 proto esp spi 0xc35aa26e reqid 0xc35aa26e mode transport aead 'rfc4106(gcm(aes))' 0x6cb228189b4c6e82e66e46920a2cde39187de4ba 128 offload packet dev p0 dir out sel src 2.2.2.3/16 dst 2.2.2.2/16 flag esn replay-window 64 /opt/mellanox/iproute2/sbin/ip xfrm state add src 2.2.2.2/16 dst 2.2.2.3/16 proto esp spi 0xb29ed314 reqid 0xb29ed314 mode
[Kernel-packages] [Bug 2034578] Re: Support IPSEC full offload implementation
** Tags removed: kernel-spammed-jammy-linux-bluefield-v2 verification-needed-jammy-linux-bluefield ** Tags added: verification-done-jammy-linux-bluefield -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2034578 Title: Support IPSEC full offload implementation Status in linux-bluefield package in Ubuntu: Invalid Status in linux-bluefield source package in Jammy: Fix Committed Bug description: Summary: Align Kernel IPsec Full offload implementation in the DPU to the upstream Full offload in all components: OFED, Strongswan, etc. This is in order for DPU Kernel IPsec to include policy offload and be fully aligned to what CX Kernel customers will use. How to test: Host 1 Enable sriov and set namespace. ip link set eth2 up echo '1' > /sys/class/net/eth2/device/sriov_numvfs ip netns add nt1 ip link set eth4 netns nt1 ip netns exec nt1 ifconfig eth4 11.11.11.1/24 up BF on host 1: Set steering mode to "dmfs". By default, it is "smfs" and not supported for now. /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.0 mode legacy echo 'dmfs' > /sys/bus/pci/devices/:03:00.0/net/p0/compat/devlink/steering_mode echo 'full' > /sys/class/net/p0/compat/devlink/ipsec_mode /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.0 mode switchdev /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.1 mode legacy echo 'dmfs' > /sys/bus/pci/devices/:03:00.1/net/p1/compat/devlink/steering_mode echo 'full' > /sys/class/net/p1/compat/devlink/ipsec_mode /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.1 mode switchdev IPSec configure /opt/mellanox/iproute2/sbin/ip xfrm policy add src 2.2.2.2 dst 2.2.2.3 offload packet dev p0 dir out tmpl src 2.2.2.2/16 dst 2.2.2.3/16 proto esp reqid 0xb29ed314 mode transport priority 12 /opt/mellanox/iproute2/sbin/ip xfrm policy add src 2.2.2.3 dst 2.2.2.2 offload packet dev p0 dir in tmpl src 2.2.2.3/16 dst 2.2.2.2/16 proto esp reqid 0xc35aa26e mode transport priority 12 /opt/mellanox/iproute2/sbin/ip xfrm state add src 2.2.2.2/16 dst 2.2.2.3/16 proto esp spi 0xb29ed314 reqid 0xb29ed314 mode transport aead 'rfc4106(gcm(aes))' 0x20f01f80a26f633d85617465686c32552c92c42f 128 offload packet dev p0 dir out sel src 2.2.2.2/16 dst 2.2.2.3/16 flag esn replay-window 64 /opt/mellanox/iproute2/sbin/ip xfrm state add src 2.2.2.3/16 dst 2.2.2.2/16 proto esp spi 0xc35aa26e reqid 0xc35aa26e mode transport aead 'rfc4106(gcm(aes))' 0x6cb228189b4c6e82e66e46920a2cde39187de4ba 128 offload packet dev p0 dir in sel src 2.2.2.3/16 dst 2.2.2.2/16 flag esn replay-window 64 OVS configure. Clear all bridges before configure if there's already default bridges in BF. ovs-vsctl set Open_vSwitch . other_config:hw-offload=false # need to restart ovs after setting this command ovs-vsctl add-br br-int ovs-vsctl add-port br-int pf0vf0 -- set interface pf0vf0 options:representor=[0] ovs-vsctl add-port br-int vxlan0 -- set interface vxlan0 type=vxlan options:key=100 options:local_ip=2.2.2.2 options:remote_ip=2.2.2.3 options:dst_port=4789 Configure IP ifconfig p0 2.2.2.2/16 up Host2: Enable sriov and set namespace. ip link set eth2 up echo '1' > /sys/class/net/eth2/device/sriov_numvfs ip netns add nt1 ip link set eth4 netns nt1 ip netns exec nt1 ifconfig eth4 11.11.11.2/24 up BF on host 2 Set steering mode /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.0 mode legacy echo 'dmfs' > /sys/bus/pci/devices/:03:00.0/net/p0/compat/devlink/steering_mode echo 'full' > /sys/class/net/p0/compat/devlink/ipsec_mode /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.0 mode switchdev /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.1 mode legacy echo 'dmfs' > /sys/bus/pci/devices/:03:00.1/net/p1/compat/devlink/steering_mode echo 'full' > /sys/class/net/p1/compat/devlink/ipsec_mode /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.1 mode switchdev IPSec configure /opt/mellanox/iproute2/sbin/ip xfrm policy add src 2.2.2.3 dst 2.2.2.2 offload packet dev p0 dir out tmpl src 2.2.2.3/16 dst 2.2.2.2/16 proto esp reqid 0xc35aa26e mode transport priority 12 /opt/mellanox/iproute2/sbin/ip xfrm policy add src 2.2.2.2 dst 2.2.2.3 offload packet dev p0 dir in tmpl src 2.2.2.2/16 dst 2.2.2.3/16 proto esp reqid 0xb29ed314 mode transport priority 12 /opt/mellanox/iproute2/sbin/ip xfrm state add src 2.2.2.3/16 dst 2.2.2.2/16 proto esp spi 0xc35aa26e reqid 0xc35aa26e mode transport aead 'rfc4106(gcm(aes))' 0x6cb228189b4c6e82e66e46920a2cde39187de4ba 128 offload packet dev p0 dir out sel src 2.2.2.3/16 dst 2.2.2.2/16 flag esn replay-window 64 /opt/mellanox/iproute2/sbin/ip xfrm state add src 2.2.2.2/16 dst 2.2.2.3/16 proto esp
[Kernel-packages] [Bug 2034578] Re: Support IPSEC full offload implementation
** Tags removed: kernel-spammed-jammy-linux-bluefield-v2 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2034578 Title: Support IPSEC full offload implementation Status in linux-bluefield package in Ubuntu: Invalid Status in linux-bluefield source package in Jammy: Fix Committed Bug description: Summary: Align Kernel IPsec Full offload implementation in the DPU to the upstream Full offload in all components: OFED, Strongswan, etc. This is in order for DPU Kernel IPsec to include policy offload and be fully aligned to what CX Kernel customers will use. How to test: Host 1 Enable sriov and set namespace. ip link set eth2 up echo '1' > /sys/class/net/eth2/device/sriov_numvfs ip netns add nt1 ip link set eth4 netns nt1 ip netns exec nt1 ifconfig eth4 11.11.11.1/24 up BF on host 1: Set steering mode to "dmfs". By default, it is "smfs" and not supported for now. /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.0 mode legacy echo 'dmfs' > /sys/bus/pci/devices/:03:00.0/net/p0/compat/devlink/steering_mode echo 'full' > /sys/class/net/p0/compat/devlink/ipsec_mode /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.0 mode switchdev /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.1 mode legacy echo 'dmfs' > /sys/bus/pci/devices/:03:00.1/net/p1/compat/devlink/steering_mode echo 'full' > /sys/class/net/p1/compat/devlink/ipsec_mode /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.1 mode switchdev IPSec configure /opt/mellanox/iproute2/sbin/ip xfrm policy add src 2.2.2.2 dst 2.2.2.3 offload packet dev p0 dir out tmpl src 2.2.2.2/16 dst 2.2.2.3/16 proto esp reqid 0xb29ed314 mode transport priority 12 /opt/mellanox/iproute2/sbin/ip xfrm policy add src 2.2.2.3 dst 2.2.2.2 offload packet dev p0 dir in tmpl src 2.2.2.3/16 dst 2.2.2.2/16 proto esp reqid 0xc35aa26e mode transport priority 12 /opt/mellanox/iproute2/sbin/ip xfrm state add src 2.2.2.2/16 dst 2.2.2.3/16 proto esp spi 0xb29ed314 reqid 0xb29ed314 mode transport aead 'rfc4106(gcm(aes))' 0x20f01f80a26f633d85617465686c32552c92c42f 128 offload packet dev p0 dir out sel src 2.2.2.2/16 dst 2.2.2.3/16 flag esn replay-window 64 /opt/mellanox/iproute2/sbin/ip xfrm state add src 2.2.2.3/16 dst 2.2.2.2/16 proto esp spi 0xc35aa26e reqid 0xc35aa26e mode transport aead 'rfc4106(gcm(aes))' 0x6cb228189b4c6e82e66e46920a2cde39187de4ba 128 offload packet dev p0 dir in sel src 2.2.2.3/16 dst 2.2.2.2/16 flag esn replay-window 64 OVS configure. Clear all bridges before configure if there's already default bridges in BF. ovs-vsctl set Open_vSwitch . other_config:hw-offload=false # need to restart ovs after setting this command ovs-vsctl add-br br-int ovs-vsctl add-port br-int pf0vf0 -- set interface pf0vf0 options:representor=[0] ovs-vsctl add-port br-int vxlan0 -- set interface vxlan0 type=vxlan options:key=100 options:local_ip=2.2.2.2 options:remote_ip=2.2.2.3 options:dst_port=4789 Configure IP ifconfig p0 2.2.2.2/16 up Host2: Enable sriov and set namespace. ip link set eth2 up echo '1' > /sys/class/net/eth2/device/sriov_numvfs ip netns add nt1 ip link set eth4 netns nt1 ip netns exec nt1 ifconfig eth4 11.11.11.2/24 up BF on host 2 Set steering mode /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.0 mode legacy echo 'dmfs' > /sys/bus/pci/devices/:03:00.0/net/p0/compat/devlink/steering_mode echo 'full' > /sys/class/net/p0/compat/devlink/ipsec_mode /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.0 mode switchdev /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.1 mode legacy echo 'dmfs' > /sys/bus/pci/devices/:03:00.1/net/p1/compat/devlink/steering_mode echo 'full' > /sys/class/net/p1/compat/devlink/ipsec_mode /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.1 mode switchdev IPSec configure /opt/mellanox/iproute2/sbin/ip xfrm policy add src 2.2.2.3 dst 2.2.2.2 offload packet dev p0 dir out tmpl src 2.2.2.3/16 dst 2.2.2.2/16 proto esp reqid 0xc35aa26e mode transport priority 12 /opt/mellanox/iproute2/sbin/ip xfrm policy add src 2.2.2.2 dst 2.2.2.3 offload packet dev p0 dir in tmpl src 2.2.2.2/16 dst 2.2.2.3/16 proto esp reqid 0xb29ed314 mode transport priority 12 /opt/mellanox/iproute2/sbin/ip xfrm state add src 2.2.2.3/16 dst 2.2.2.2/16 proto esp spi 0xc35aa26e reqid 0xc35aa26e mode transport aead 'rfc4106(gcm(aes))' 0x6cb228189b4c6e82e66e46920a2cde39187de4ba 128 offload packet dev p0 dir out sel src 2.2.2.3/16 dst 2.2.2.2/16 flag esn replay-window 64 /opt/mellanox/iproute2/sbin/ip xfrm state add src 2.2.2.2/16 dst 2.2.2.3/16 proto esp spi 0xb29ed314 reqid 0xb29ed314 mode transport aead 'rfc4106(gcm(aes))'
[Kernel-packages] [Bug 2034578] Re: Support IPSEC full offload implementation
** Description changed: Summary: Align Kernel IPsec Full offload implementation in the DPU to the upstream Full offload in all components: OFED, Strongswan, etc. This is in order for DPU Kernel IPsec to include policy offload and be fully aligned to what CX Kernel customers will use. How to test: - Host 1: + Host 1 + Enable sriov and set namespace. + + ip link set eth2 up + echo '1' > /sys/class/net/eth2/device/sriov_numvfs + ip netns add nt1 + ip link set eth4 netns nt1 + ip netns exec nt1 ifconfig eth4 11.11.11.1/24 up + + BF on host 1: + Set steering mode to "dmfs". By default, it is "smfs" and not supported for now. + /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.0 mode legacy echo 'dmfs' > /sys/bus/pci/devices/:03:00.0/net/p0/compat/devlink/steering_mode echo 'full' > /sys/class/net/p0/compat/devlink/ipsec_mode /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.0 mode switchdev - - BF on host 1: - /opt/mellanox/iproute2/sbin/ip xfrm policy add src 196.234.181.165 dst 196.234.182.166 dir out tmpl src 196.234.181.165/16 dst 196.234.182.166/16 proto esp reqid 0xefa83812 mode transport priority 10 - /opt/mellanox/iproute2/sbin/ip xfrm policy add src 196.234.182.166 dst 196.234.181.165 dir in tmpl src 196.234.182.166/16 dst 196.234.181.165/16 proto esp reqid 0x63a7db74 mode transport priority 10 - /opt/mellanox/iproute2/sbin/ip xfrm policy add src 196.234.182.166 dst 196.234.181.165 dir fwd tmpl src 196.234.182.166/16 dst 196.234.181.165/16 proto esp reqid 0x63a7db74 mode transport priority 10 - /opt/mellanox/iproute2/sbin/ip xfrm state add src 196.234.181.165/16 dst 196.234.182.166/16 proto esp spi 0xefa83812 reqid 0xefa83812 mode transport aead 'rfc4106(gcm(aes))' 0xe2fe3857301d8f72b5d71d295a462ef21868e407 128 offload packet dev p0 dir out sel src 196.234.181.165/16 dst 196.234.182.166/16 flag esn replay-window 32 - /opt/mellanox/iproute2/sbin/ip xfrm state add src 196.234.182.166/16 dst 196.234.181.165/16 proto esp spi 0x63a7db74 reqid 0x63a7db74 mode transport aead 'rfc4106(gcm(aes))' 0xe916c4d0db1886e8c877b023e8cebef53b4d2d0f 128 offload packet dev p0 dir in sel src 196.234.182.166/16 dst 196.234.181.165/16 flag esn replay-window 32 - - Start OVS and set following configure on BF: - /usr/bin/ovs-vsctl set Open_vSwitch . other_config:hw-offload=true - /usr/bin/ovs-vsctl set Open_vSwitch . other_config:max-idle=30 - - Host2: + /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.1 mode legacy echo 'dmfs' > /sys/bus/pci/devices/:03:00.1/net/p1/compat/devlink/steering_mode echo 'full' > /sys/class/net/p1/compat/devlink/ipsec_mode /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.1 mode switchdev - BF on host 2: - /opt/mellanox/iproute2/sbin/ip xfrm policy add src 196.234.182.166 dst 196.234.181.165 dir out tmpl src 196.234.182.166/16 dst 196.234.181.165/16 proto esp reqid 0xefa83812 mode transport priority 10 - /opt/mellanox/iproute2/sbin/ip xfrm policy add src 196.234.181.165 dst 196.234.182.166 dir in tmpl src 196.234.181.165/16 dst 196.234.182.166/16 proto esp reqid 0x63a7db74 mode transport priority 10 - /opt/mellanox/iproute2/sbin/ip xfrm policy add src 196.234.181.165 dst 196.234.182.166 dir fwd tmpl src 196.234.181.165/16 dst 196.234.182.166/16 proto esp reqid 0x63a7db74 mode transport priority 10 - /opt/mellanox/iproute2/sbin/ip xfrm state add src 196.234.181.165 dst 196.234.182.166 proto esp spi 0xefa83812 reqid 0xefa83812 mode transport aead 'rfc4106(gcm(aes))' 0xe2fe3857301d8f72b5d71d295a462ef21868e407 128 offload packet dev p0 dir out sel src 196.234.181.165/16 dst 196.234.182.166/16 flag esn replay-window 32 - /opt/mellanox/iproute2/sbin/ip xfrm state add src 196.234.181.165 dst 196.234.182.166 proto esp spi 0x63a7db74 reqid 0x63a7db74 mode transport aead 'rfc4106(gcm(aes))' 0xe916c4d0db1886e8c877b023e8cebef53b4d2d0f 128 offload packet dev p0 dir in sel src 196.234.181.165/16 dst 196.234.182.166/16 flag esn replay-window 32 + IPSec configure + /opt/mellanox/iproute2/sbin/ip xfrm policy add src 2.2.2.2 dst 2.2.2.3 offload packet dev p0 dir out tmpl src 2.2.2.2/16 dst 2.2.2.3/16 proto esp reqid 0xb29ed314 mode transport priority 12 + /opt/mellanox/iproute2/sbin/ip xfrm policy add src 2.2.2.3 dst 2.2.2.2 offload packet dev p0 dir in tmpl src 2.2.2.3/16 dst 2.2.2.2/16 proto esp reqid 0xc35aa26e mode transport priority 12 + /opt/mellanox/iproute2/sbin/ip xfrm state add src 2.2.2.2/16 dst 2.2.2.3/16 proto esp spi 0xb29ed314 reqid 0xb29ed314 mode transport aead 'rfc4106(gcm(aes))' 0x20f01f80a26f633d85617465686c32552c92c42f 128 offload packet dev p0 dir out sel src 2.2.2.2/16 dst 2.2.2.3/16 flag esn replay-window 64 + /opt/mellanox/iproute2/sbin/ip xfrm state add src 2.2.2.3/16 dst 2.2.2.2/16 proto esp spi 0xc35aa26e reqid 0xc35aa26e mode transport aead 'rfc4106(gcm(aes))' 0x6cb228189b4c6e82e66e46920a2cde39187de4ba 128 offload packet
[Kernel-packages] [Bug 2034578] Re: Support IPSEC full offload implementation
** Merge proposal linked: https://code.launchpad.net/~yifeid/ubuntu/+source/linux-bluefield/+git/linux-bluefield/+merge/450800 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2034578 Title: Support IPSEC full offload implementation Status in linux-bluefield package in Ubuntu: New Bug description: Summary: Align Kernel IPsec Full offload implementation in the DPU to the upstream Full offload in all components: OFED, Strongswan, etc. This is in order for DPU Kernel IPsec to include policy offload and be fully aligned to what CX Kernel customers will use. How to test: Host 1: /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.0 mode legacy echo 'dmfs' > /sys/bus/pci/devices/:03:00.0/net/p0/compat/devlink/steering_mode echo 'full' > /sys/class/net/p0/compat/devlink/ipsec_mode /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.0 mode switchdev BF on host 1: /opt/mellanox/iproute2/sbin/ip xfrm policy add src 196.234.181.165 dst 196.234.182.166 dir out tmpl src 196.234.181.165/16 dst 196.234.182.166/16 proto esp reqid 0xefa83812 mode transport priority 10 /opt/mellanox/iproute2/sbin/ip xfrm policy add src 196.234.182.166 dst 196.234.181.165 dir in tmpl src 196.234.182.166/16 dst 196.234.181.165/16 proto esp reqid 0x63a7db74 mode transport priority 10 /opt/mellanox/iproute2/sbin/ip xfrm policy add src 196.234.182.166 dst 196.234.181.165 dir fwd tmpl src 196.234.182.166/16 dst 196.234.181.165/16 proto esp reqid 0x63a7db74 mode transport priority 10 /opt/mellanox/iproute2/sbin/ip xfrm state add src 196.234.181.165/16 dst 196.234.182.166/16 proto esp spi 0xefa83812 reqid 0xefa83812 mode transport aead 'rfc4106(gcm(aes))' 0xe2fe3857301d8f72b5d71d295a462ef21868e407 128 offload packet dev p0 dir out sel src 196.234.181.165/16 dst 196.234.182.166/16 flag esn replay-window 32 /opt/mellanox/iproute2/sbin/ip xfrm state add src 196.234.182.166/16 dst 196.234.181.165/16 proto esp spi 0x63a7db74 reqid 0x63a7db74 mode transport aead 'rfc4106(gcm(aes))' 0xe916c4d0db1886e8c877b023e8cebef53b4d2d0f 128 offload packet dev p0 dir in sel src 196.234.182.166/16 dst 196.234.181.165/16 flag esn replay-window 32 Start OVS and set following configure on BF: /usr/bin/ovs-vsctl set Open_vSwitch . other_config:hw-offload=true /usr/bin/ovs-vsctl set Open_vSwitch . other_config:max-idle=30 Host2: /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.1 mode legacy echo 'dmfs' > /sys/bus/pci/devices/:03:00.1/net/p1/compat/devlink/steering_mode echo 'full' > /sys/class/net/p1/compat/devlink/ipsec_mode /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.1 mode switchdev BF on host 2: /opt/mellanox/iproute2/sbin/ip xfrm policy add src 196.234.182.166 dst 196.234.181.165 dir out tmpl src 196.234.182.166/16 dst 196.234.181.165/16 proto esp reqid 0xefa83812 mode transport priority 10 /opt/mellanox/iproute2/sbin/ip xfrm policy add src 196.234.181.165 dst 196.234.182.166 dir in tmpl src 196.234.181.165/16 dst 196.234.182.166/16 proto esp reqid 0x63a7db74 mode transport priority 10 /opt/mellanox/iproute2/sbin/ip xfrm policy add src 196.234.181.165 dst 196.234.182.166 dir fwd tmpl src 196.234.181.165/16 dst 196.234.182.166/16 proto esp reqid 0x63a7db74 mode transport priority 10 /opt/mellanox/iproute2/sbin/ip xfrm state add src 196.234.181.165 dst 196.234.182.166 proto esp spi 0xefa83812 reqid 0xefa83812 mode transport aead 'rfc4106(gcm(aes))' 0xe2fe3857301d8f72b5d71d295a462ef21868e407 128 offload packet dev p0 dir out sel src 196.234.181.165/16 dst 196.234.182.166/16 flag esn replay-window 32 /opt/mellanox/iproute2/sbin/ip xfrm state add src 196.234.181.165 dst 196.234.182.166 proto esp spi 0x63a7db74 reqid 0x63a7db74 mode transport aead 'rfc4106(gcm(aes))' 0xe916c4d0db1886e8c877b023e8cebef53b4d2d0f 128 offload packet dev p0 dir in sel src 196.234.181.165/16 dst 196.234.182.166/16 flag esn replay-window 32 Start OVS and set following configure on BF: /usr/bin/ovs-vsctl set Open_vSwitch . other_config:hw-offload=true /usr/bin/ovs-vsctl set Open_vSwitch . other_config:max-idle=30 Send the traffic between host 1 and host 2 and check IPsec counters in "ethtool -S" statistics on both BF. How to fix: Need to backport a series of xfrm patches into BlueField 5.15 kernel, from 6.0 upstream kernel. Patches needed for 5.15 kernel: afe9e47 xfrm: fix conflict for netdev and tx stats 6aff54d xfrm: don't skip free of empty state in acquire policy 692fecb xfrm: delete offloaded policy 91b6276 xfrm: Support UDP encapsulation in packet offload mode 69e168a xfrm: add missed call to delete offloaded policies 9724724 xfrm: release all offloaded policy memory e57b7ec xfrm: don't require advance ESN callback for packet offload 9e98488 xfrm:
[Kernel-packages] [Bug 2034578] [NEW] Support IPSEC full offload implementation
Public bug reported: Summary: Align Kernel IPsec Full offload implementation in the DPU to the upstream Full offload in all components: OFED, Strongswan, etc. This is in order for DPU Kernel IPsec to include policy offload and be fully aligned to what CX Kernel customers will use. How to test: Host 1: /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.0 mode legacy echo 'dmfs' > /sys/bus/pci/devices/:03:00.0/net/p0/compat/devlink/steering_mode echo 'full' > /sys/class/net/p0/compat/devlink/ipsec_mode /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.0 mode switchdev BF on host 1: /opt/mellanox/iproute2/sbin/ip xfrm policy add src 196.234.181.165 dst 196.234.182.166 dir out tmpl src 196.234.181.165/16 dst 196.234.182.166/16 proto esp reqid 0xefa83812 mode transport priority 10 /opt/mellanox/iproute2/sbin/ip xfrm policy add src 196.234.182.166 dst 196.234.181.165 dir in tmpl src 196.234.182.166/16 dst 196.234.181.165/16 proto esp reqid 0x63a7db74 mode transport priority 10 /opt/mellanox/iproute2/sbin/ip xfrm policy add src 196.234.182.166 dst 196.234.181.165 dir fwd tmpl src 196.234.182.166/16 dst 196.234.181.165/16 proto esp reqid 0x63a7db74 mode transport priority 10 /opt/mellanox/iproute2/sbin/ip xfrm state add src 196.234.181.165/16 dst 196.234.182.166/16 proto esp spi 0xefa83812 reqid 0xefa83812 mode transport aead 'rfc4106(gcm(aes))' 0xe2fe3857301d8f72b5d71d295a462ef21868e407 128 offload packet dev p0 dir out sel src 196.234.181.165/16 dst 196.234.182.166/16 flag esn replay-window 32 /opt/mellanox/iproute2/sbin/ip xfrm state add src 196.234.182.166/16 dst 196.234.181.165/16 proto esp spi 0x63a7db74 reqid 0x63a7db74 mode transport aead 'rfc4106(gcm(aes))' 0xe916c4d0db1886e8c877b023e8cebef53b4d2d0f 128 offload packet dev p0 dir in sel src 196.234.182.166/16 dst 196.234.181.165/16 flag esn replay-window 32 Start OVS and set following configure on BF: /usr/bin/ovs-vsctl set Open_vSwitch . other_config:hw-offload=true /usr/bin/ovs-vsctl set Open_vSwitch . other_config:max-idle=30 Host2: /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.1 mode legacy echo 'dmfs' > /sys/bus/pci/devices/:03:00.1/net/p1/compat/devlink/steering_mode echo 'full' > /sys/class/net/p1/compat/devlink/ipsec_mode /opt/mellanox/iproute2/sbin/devlink dev eswitch set pci/:03:00.1 mode switchdev BF on host 2: /opt/mellanox/iproute2/sbin/ip xfrm policy add src 196.234.182.166 dst 196.234.181.165 dir out tmpl src 196.234.182.166/16 dst 196.234.181.165/16 proto esp reqid 0xefa83812 mode transport priority 10 /opt/mellanox/iproute2/sbin/ip xfrm policy add src 196.234.181.165 dst 196.234.182.166 dir in tmpl src 196.234.181.165/16 dst 196.234.182.166/16 proto esp reqid 0x63a7db74 mode transport priority 10 /opt/mellanox/iproute2/sbin/ip xfrm policy add src 196.234.181.165 dst 196.234.182.166 dir fwd tmpl src 196.234.181.165/16 dst 196.234.182.166/16 proto esp reqid 0x63a7db74 mode transport priority 10 /opt/mellanox/iproute2/sbin/ip xfrm state add src 196.234.181.165 dst 196.234.182.166 proto esp spi 0xefa83812 reqid 0xefa83812 mode transport aead 'rfc4106(gcm(aes))' 0xe2fe3857301d8f72b5d71d295a462ef21868e407 128 offload packet dev p0 dir out sel src 196.234.181.165/16 dst 196.234.182.166/16 flag esn replay-window 32 /opt/mellanox/iproute2/sbin/ip xfrm state add src 196.234.181.165 dst 196.234.182.166 proto esp spi 0x63a7db74 reqid 0x63a7db74 mode transport aead 'rfc4106(gcm(aes))' 0xe916c4d0db1886e8c877b023e8cebef53b4d2d0f 128 offload packet dev p0 dir in sel src 196.234.181.165/16 dst 196.234.182.166/16 flag esn replay-window 32 Start OVS and set following configure on BF: /usr/bin/ovs-vsctl set Open_vSwitch . other_config:hw-offload=true /usr/bin/ovs-vsctl set Open_vSwitch . other_config:max-idle=30 Send the traffic between host 1 and host 2 and check IPsec counters in "ethtool -S" statistics on both BF. How to fix: Need to backport a series of xfrm patches into BlueField 5.15 kernel, from 6.0 upstream kernel. Patches needed for 5.15 kernel: afe9e47 xfrm: fix conflict for netdev and tx stats 6aff54d xfrm: don't skip free of empty state in acquire policy 692fecb xfrm: delete offloaded policy 91b6276 xfrm: Support UDP encapsulation in packet offload mode 69e168a xfrm: add missed call to delete offloaded policies 9724724 xfrm: release all offloaded policy memory e57b7ec xfrm: don't require advance ESN callback for packet offload 9e98488 xfrm: copy_to_user_state fetch offloaded SA packets/bytes statistics 4778c10 xfrm: add new device offload acquire flag 2601c94 netlink: provide an ability to set default extack message b4951d5 netlink: add support for formatted extack messages b5dd0fa xfrm: extend add state callback to set failure reason 326a004 xfrm: extend add policy callback to set failure reason 40b173d1 xfrm: document IPsec packet offload mode b1737ae xfrm: add support to HW update soft and hard limits cad4cd7 xfrm: speed-up
[Kernel-packages] [Bug 2019264] Re: net/sched: act_ct: offload UDP NEW connections
** Tags removed: verification-needed-jammy ** Tags added: verification-done-jammy -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2019264 Title: net/sched: act_ct: offload UDP NEW connections Status in linux-bluefield package in Ubuntu: Invalid Status in linux-bluefield source package in Jammy: Fix Committed Bug description: * Explain the bug(s) UDP single sided connections aren't offloaded. * brief explanation of fixes Add support for to offload single sided UDP connections by offloading only one side, and offloading the second side when/if it comes. * How to test Create OVS bridge with 2 devices mlx5 rep devices. Enable HW offload and configure regular connection tracking OpenFlow rules: e.g: ovs-ofctl del-flows br-ovs ovs-ofctl add-flow br-ovs arp,actions=normal ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal" Run a UDP single sided connection, e.g iperf without a server: on mlx5 VF2 iperf -t 1 -c -u -b 10pps Optional: In different terminal, while traffic is running, check for offload: tcpdump -nnepi udp and see no iperf udp packets. Dump conntrack with relevant ip: cat /proc/net/nf_conntrack | grep -i | grep "\[UNREPLIED\]" | grep -q "\[OFFLOAD\]" If tuple appears, tuple was offloaded, yet unreplied. * What it could break. Single sided udp connections aren't offloaded. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2019264/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2024432] Re: net/sched: act_ct: Fix promotion of offloaded unreplied tuple
** Tags removed: verification-needed-jammy ** Tags added: verification-done-jammy -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2024432 Title: net/sched: act_ct: Fix promotion of offloaded unreplied tuple Status in linux-bluefield package in Ubuntu: Invalid Status in linux-bluefield source package in Jammy: Fix Committed Bug description: * Explain the bug(s) Currently UNREPLIED and UNASSURED connections are added to the nf flow table. This causes the following connection packets to be processed by the flow table which then skips conntrack_in(), and thus such the connections will remain UNREPLIED and UNASSURED even if reply traffic is then seen. Even still, the unoffloaded reply packets are the ones triggering hardware update from new to established state, and if there aren't any to triger an update and/or previous update was missed, hardware can get out of sync with sw and still mark packets as new. * brief explanation of fixes 1) Not skipping conntrack_in() for UNASSURED packets, but still refresh for hardware, as before the cited patch. 2) Try and force a refresh by reply-direction packets that update the hardware rules from new to established state. 3) Remove any bidirectional flows that didn't failed to update in hardware for re-insertion as bidirectional once any new packet arrives. * How to test Create OVS bridge with 2 devices mlx5 rep devices. Enable HW offload and configure regular connection tracking OpenFlow rules: e.g: ovs-ofctl del-flows br-ovs ovs-ofctl add-flow br-ovs arp,actions=normal ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal" Run a UDP single sided connection, e.g iperf without a server: on mlx5 VF2 iperf -t 1 -c -u -b 10pps Optional: In different terminal, while traffic is running, check for offload: tcpdump -nnepi udp and see no iperf udp packets. Dump conntrack with relevant ip: cat /proc/net/nf_conntrack | grep -i | grep "\[UNREPLIED\]" | grep -q "\[OFFLOAD\]" If tuple appears, tuple was offloaded, yet unreplied. * What it could break. The connections remain UNREPLIED and UNASSURED even if reply traffic is seen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2024432/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2024432] [NEW] net/sched: act_ct: Fix promotion of offloaded unreplied tuple
Public bug reported: * Explain the bug(s) Currently UNREPLIED and UNASSURED connections are added to the nf flow table. This causes the following connection packets to be processed by the flow table which then skips conntrack_in(), and thus such the connections will remain UNREPLIED and UNASSURED even if reply traffic is then seen. Even still, the unoffloaded reply packets are the ones triggering hardware update from new to established state, and if there aren't any to triger an update and/or previous update was missed, hardware can get out of sync with sw and still mark packets as new. * brief explanation of fixes 1) Not skipping conntrack_in() for UNASSURED packets, but still refresh for hardware, as before the cited patch. 2) Try and force a refresh by reply-direction packets that update the hardware rules from new to established state. 3) Remove any bidirectional flows that didn't failed to update in hardware for re-insertion as bidirectional once any new packet arrives. * How to test Create OVS bridge with 2 devices mlx5 rep devices. Enable HW offload and configure regular connection tracking OpenFlow rules: e.g: ovs-ofctl del-flows br-ovs ovs-ofctl add-flow br-ovs arp,actions=normal ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal" Run a UDP single sided connection, e.g iperf without a server: on mlx5 VF2 iperf -t 1 -c -u -b 10pps Optional: In different terminal, while traffic is running, check for offload: tcpdump -nnepi udp and see no iperf udp packets. Dump conntrack with relevant ip: cat /proc/net/nf_conntrack | grep -i | grep "\[UNREPLIED\]" | grep -q "\[OFFLOAD\]" If tuple appears, tuple was offloaded, yet unreplied. * What it could break. The connections remain UNREPLIED and UNASSURED even if reply traffic is seen ** Affects: linux-bluefield (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2024432 Title: net/sched: act_ct: Fix promotion of offloaded unreplied tuple Status in linux-bluefield package in Ubuntu: New Bug description: * Explain the bug(s) Currently UNREPLIED and UNASSURED connections are added to the nf flow table. This causes the following connection packets to be processed by the flow table which then skips conntrack_in(), and thus such the connections will remain UNREPLIED and UNASSURED even if reply traffic is then seen. Even still, the unoffloaded reply packets are the ones triggering hardware update from new to established state, and if there aren't any to triger an update and/or previous update was missed, hardware can get out of sync with sw and still mark packets as new. * brief explanation of fixes 1) Not skipping conntrack_in() for UNASSURED packets, but still refresh for hardware, as before the cited patch. 2) Try and force a refresh by reply-direction packets that update the hardware rules from new to established state. 3) Remove any bidirectional flows that didn't failed to update in hardware for re-insertion as bidirectional once any new packet arrives. * How to test Create OVS bridge with 2 devices mlx5 rep devices. Enable HW offload and configure regular connection tracking OpenFlow rules: e.g: ovs-ofctl del-flows br-ovs ovs-ofctl add-flow br-ovs arp,actions=normal ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal" Run a UDP single sided connection, e.g iperf without a server: on mlx5 VF2 iperf -t 1 -c -u -b 10pps Optional: In different terminal, while traffic is running, check for offload: tcpdump -nnepi udp and see no iperf udp packets. Dump conntrack with relevant ip: cat /proc/net/nf_conntrack | grep -i | grep "\[UNREPLIED\]" | grep -q "\[OFFLOAD\]" If tuple appears, tuple was offloaded, yet unreplied. * What it could break. The connections remain UNREPLIED and UNASSURED even if reply traffic is seen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2024432/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2021930] [NEW] kdump cannot generate coredump file on bluefield with 5.4 kernel
Public bug reported: kdump cannot generate coredump file on bluefield with 5.4 kernel Bug description: Following the instruction in https://ubuntu.com/server/docs/kernel-crash-dump, the coredump file cannot be generated. Bluefield is running 5.4 kernel bf2:~$ uname -a Linux sw-mtx-008-bf2 5.4.0-1060-bluefield #66-Ubuntu SMP PREEMPT Mon Mar 27 15:52:50 UTC 2023 aarch64 aarch64 aarch64 GNU/Linux crashkernel parameter is configured bf2:~$ cat /proc/cmdline BOOT_IMAGE=/boot/vmlinuz-5.4.0-1060-bluefield root=UUID=52ddbe2c-ee4f-48d4-b7d4-ab76e264e438 ro console=hvc0 console=ttyAMA0 earlycon=pl011,0x0100 fixrtc net.ifnames=0 biosdevname=0 iommu.passthrough=1 crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M bf2:~$ dmesg | grep -i crash [0.00] crashkernel reserved: 0xcfe0 - 0xefe0 (512 MB) [0.00] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-5.4.0-1060-bluefield root=UUID=52ddbe2c-ee4f-48d4-b7d4-ab76e264e438 ro console=hvc0 console=ttyAMA0 earlycon=pl011,0x0100 fixrtc net.ifnames=0 biosdevname=0 iommu.passthrough=1 crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M [8.070921] pstore: Using crash dump compression: deflate kdump-config is as below: bf2:~$ kdump-config show DUMP_MODE:kdump USE_KDUMP:1 KDUMP_SYSCTL: kernel.panic_on_oops=1 KDUMP_COREDIR:/var/crash crashkernel addr: 0x /var/lib/kdump/vmlinuz: symbolic link to /boot/vmlinuz-5.4.0-1060-bluefield kdump initrd: /var/lib/kdump/initrd.img: symbolic link to /var/lib/kdump/initrd.img-5.4.0-1060-bluefield current state:ready to kdump kexec command: /sbin/kexec -p --command-line="BOOT_IMAGE=/boot/vmlinuz-5.4.0-1060-bluefield root=UUID=52ddbe2c-ee4f-48d4-b7d4-ab76e264e438 ro console=hvc0 console=ttyAMA0 earlycon=pl011,0x0100 fixrtc net.ifnames=0 biosdevname=0 iommu.passthrough=1 reset_devices systemd.unit=kdump-tools-dump.service nr_cpus=1" --initrd=/var/lib/kdump/initrd.img /var/lib/kdump/vmlinuz sysrq: bf2:/# cat /proc/sys/kernel/sysrq 176 After trigged the crash manually with "echo c > /proc/sysrq-trigger", the system could not come up because of OOM. And after change the crashkernel with 1024M memory it still hangs. With default 512M, it hangs at "Killed process 674" [8.718188] systemd-journald[368]: File /var/log/journal/8244d38b2f804fc692f3f2dbf8206f57/system.journal corrupted or uncleanly shut down, renaming and re. [ 30.252513] Out of memory: Killed process 651 (systemd-resolve) total-vm:24380kB, anon-rss:3812kB, file-rss:1828kB, shmem-rss:0kB, UID:101 pgtables:80kB o0 ... [ 34.651927] Out of memory: Killed process 674 (dbus-daemon) total-vm:7884kB, anon-rss:552kB, file-rss:1380kB, shmem-rss:0kB, UID:103 pgtables:52kB oom_sco0 With 1024M, it hangs at following [8.733323] systemd-journald[369]: File /var/log/journal/8244d38b2f804fc692f3f2dbf8206f57/system.journal corrupted or uncleanly shut down, renaming and re. After soft reboot the Bluefield, there's no coredump file generated. bf2:~$ ls /var/crash/ -la total 52 drwxrwxrwt 3 root root4096 May 31 01:43 . drwxr-xr-x 14 root root4096 Apr 30 11:26 .. drwxrwxr-x 2 ubuntu ubuntu 4096 May 31 01:43 202305310143 -rw-r- 1 root root 34307 May 31 01:18 _usr_share_netplan_netplan.script.0.crash -rw-r--r-- 1 root root 0 May 31 03:47 kdump_lock -rw-r--r-- 1 root root 358 May 31 03:48 kexec_cmd bf2:~$ ls /var/crash/202305310143/ -la total 8 drwxrwxr-x 2 ubuntu ubuntu 4096 May 31 01:43 . drwxrwxrwt 3 root root 4096 May 31 01:43 .. This issue also happens on 5.4.0-1049-bluefield kernel. ** Affects: linux-bluefield (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2021930 Title: kdump cannot generate coredump file on bluefield with 5.4 kernel Status in linux-bluefield package in Ubuntu: New Bug description: kdump cannot generate coredump file on bluefield with 5.4 kernel Bug description: Following the instruction in https://ubuntu.com/server/docs/kernel-crash-dump, the coredump file cannot be generated. Bluefield is running 5.4 kernel bf2:~$ uname -a Linux sw-mtx-008-bf2 5.4.0-1060-bluefield #66-Ubuntu SMP PREEMPT Mon Mar 27 15:52:50 UTC 2023 aarch64 aarch64 aarch64 GNU/Linux crashkernel parameter is configured bf2:~$ cat /proc/cmdline
[Kernel-packages] [Bug 2016829] Re: Completely support vxlan and erspan for flower
** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2016829 Title: Completely support vxlan and erspan for flower Status in linux-bluefield package in Ubuntu: Invalid Status in linux-bluefield source package in Focal: Fix Committed Bug description: * Explain the bug(s) vxlan and erspan are already supported for flower to allow flower to match vxlan and erspan options. It needs to support vxlan and erspan to act_tunnel_key and related bug fixes for the sake of completeness and to avoid bug in the future. * Brief explanation of fixes Cherry-pick. No adaptation. Add vxlan/erspan support for act_tunnel_key and bug fixes. c96adff95619 cls_flower: call nla_ok() before nla_next() 8e1b3ac47866 net: sched: initialize with 0 before setting erspan md->u e20d4ff2acd7 net: sched: add erspan option support to act_tunnel_key fca3f91cc38a net: sched: add vxlan option support to act_tunnel_key * How to test For vxlan support: It is to allow setting vxlan options using the act_tunnel_key action. Different from geneve options, only one option can be set. And also, geneve options and vxlan options can't be set at the same time. gbp is the only param for vxlan options: # ip link add name vxlan0 type vxlan dstport 0 external # tc qdisc add dev eth0 ingress # tc filter add dev eth0 protocol ip parent : \ flower indev eth0 \ ip_proto udp \ action tunnel_key \ set src_ip 10.0.99.192 \ dst_ip 10.0.99.193 \ dst_port 6081 \ id 11 \ vxlan_opts 01020304 \ action mirred egress redirect dev vxlan0 For erspan support: It is to allow setting erspan options using the act_tunnel_key action. Different from geneve options, only one option can be set. And also, geneve options, vxlan options or erspan options can't be set at the same time. Options are expressed as ver:index:dir:hwid, when ver is set to 1, index will be applied while dir and hwid will be ignored, and when ver is set to 2, dir and hwid will be used while index will be ignored. # ip link add name erspan1 type erspan external # tc qdisc add dev eth0 ingress # tc filter add dev eth0 protocol ip parent : \ flower indev eth0 \ ip_proto udp \ action tunnel_key \ set src_ip 10.0.99.192 \ dst_ip 10.0.99.193 \ dst_port 6081 \ id 11 \ erspan_opts 1:2:0:0 \ action mirred egress redirect dev erspan1 * What it could break. Nothing. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2016829/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2019264] [NEW] net/sched: act_ct: offload UDP NEW connections
Public bug reported: * Explain the bug(s) UDP single sided connections aren't offloaded. * brief explanation of fixes Add support for to offload single sided UDP connections by offloading only one side, and offloading the second side when/if it comes. * How to test Create OVS bridge with 2 devices mlx5 rep devices. Enable HW offload and configure regular connection tracking OpenFlow rules: e.g: ovs-ofctl del-flows br-ovs ovs-ofctl add-flow br-ovs arp,actions=normal ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal" Run a UDP single sided connection, e.g iperf without a server: on mlx5 VF2 iperf -t 1 -c -u -b 10pps Optional: In different terminal, while traffic is running, check for offload: tcpdump -nnepi udp and see no iperf udp packets. Dump conntrack with relevant ip: cat /proc/net/nf_conntrack | grep -i | grep "\[UNREPLIED\]" | grep -q "\[OFFLOAD\]" If tuple appears, tuple was offloaded, yet unreplied. * What it could break. Single sided udp connections aren't offloaded. ** Affects: linux-bluefield (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2019264 Title: net/sched: act_ct: offload UDP NEW connections Status in linux-bluefield package in Ubuntu: New Bug description: * Explain the bug(s) UDP single sided connections aren't offloaded. * brief explanation of fixes Add support for to offload single sided UDP connections by offloading only one side, and offloading the second side when/if it comes. * How to test Create OVS bridge with 2 devices mlx5 rep devices. Enable HW offload and configure regular connection tracking OpenFlow rules: e.g: ovs-ofctl del-flows br-ovs ovs-ofctl add-flow br-ovs arp,actions=normal ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal" Run a UDP single sided connection, e.g iperf without a server: on mlx5 VF2 iperf -t 1 -c -u -b 10pps Optional: In different terminal, while traffic is running, check for offload: tcpdump -nnepi udp and see no iperf udp packets. Dump conntrack with relevant ip: cat /proc/net/nf_conntrack | grep -i | grep "\[UNREPLIED\]" | grep -q "\[OFFLOAD\]" If tuple appears, tuple was offloaded, yet unreplied. * What it could break. Single sided udp connections aren't offloaded. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2019264/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2016829] [NEW] Completely support vxlan and erspan for flower
Public bug reported: * Explain the bug(s) vxlan and erspan are already supported for flower to allow flower to match vxlan and erspan options. It needs to support vxlan and erspan to act_tunnel_key and related bug fixes for the sake of completeness and to avoid bug in the future. * Brief explanation of fixes Cherry-pick. No adaptation. Add vxlan/erspan support for act_tunnel_key and bug fixes. c96adff95619 cls_flower: call nla_ok() before nla_next() 8e1b3ac47866 net: sched: initialize with 0 before setting erspan md->u e20d4ff2acd7 net: sched: add erspan option support to act_tunnel_key fca3f91cc38a net: sched: add vxlan option support to act_tunnel_key * How to test For vxlan support: It is to allow setting vxlan options using the act_tunnel_key action. Different from geneve options, only one option can be set. And also, geneve options and vxlan options can't be set at the same time. gbp is the only param for vxlan options: # ip link add name vxlan0 type vxlan dstport 0 external # tc qdisc add dev eth0 ingress # tc filter add dev eth0 protocol ip parent : \ flower indev eth0 \ ip_proto udp \ action tunnel_key \ set src_ip 10.0.99.192 \ dst_ip 10.0.99.193 \ dst_port 6081 \ id 11 \ vxlan_opts 01020304 \ action mirred egress redirect dev vxlan0 For erspan support: It is to allow setting erspan options using the act_tunnel_key action. Different from geneve options, only one option can be set. And also, geneve options, vxlan options or erspan options can't be set at the same time. Options are expressed as ver:index:dir:hwid, when ver is set to 1, index will be applied while dir and hwid will be ignored, and when ver is set to 2, dir and hwid will be used while index will be ignored. # ip link add name erspan1 type erspan external # tc qdisc add dev eth0 ingress # tc filter add dev eth0 protocol ip parent : \ flower indev eth0 \ ip_proto udp \ action tunnel_key \ set src_ip 10.0.99.192 \ dst_ip 10.0.99.193 \ dst_port 6081 \ id 11 \ erspan_opts 1:2:0:0 \ action mirred egress redirect dev erspan1 * What it could break. Nothing. ** Affects: linux-bluefield (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2016829 Title: Completely support vxlan and erspan for flower Status in linux-bluefield package in Ubuntu: New Bug description: * Explain the bug(s) vxlan and erspan are already supported for flower to allow flower to match vxlan and erspan options. It needs to support vxlan and erspan to act_tunnel_key and related bug fixes for the sake of completeness and to avoid bug in the future. * Brief explanation of fixes Cherry-pick. No adaptation. Add vxlan/erspan support for act_tunnel_key and bug fixes. c96adff95619 cls_flower: call nla_ok() before nla_next() 8e1b3ac47866 net: sched: initialize with 0 before setting erspan md->u e20d4ff2acd7 net: sched: add erspan option support to act_tunnel_key fca3f91cc38a net: sched: add vxlan option support to act_tunnel_key * How to test For vxlan support: It is to allow setting vxlan options using the act_tunnel_key action. Different from geneve options, only one option can be set. And also, geneve options and vxlan options can't be set at the same time. gbp is the only param for vxlan options: # ip link add name vxlan0 type vxlan dstport 0 external # tc qdisc add dev eth0 ingress # tc filter add dev eth0 protocol ip parent : \ flower indev eth0 \ ip_proto udp \ action tunnel_key \ set src_ip 10.0.99.192 \ dst_ip 10.0.99.193 \ dst_port 6081 \ id 11 \ vxlan_opts 01020304 \ action mirred egress redirect dev vxlan0 For erspan support: It is to allow setting erspan options using the act_tunnel_key action. Different from geneve options, only one option can be set. And also, geneve options, vxlan options or erspan options can't be set at the same time. Options are expressed as ver:index:dir:hwid, when ver is set to 1, index will be applied while dir and hwid will be ignored, and when ver is set to 2, dir and hwid will be used while index will be ignored. # ip link add name erspan1 type erspan
[Kernel-packages] [Bug 2015515] Re: net: sched: allow flower to match erspan options
** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2015515 Title: net: sched: allow flower to match erspan options Status in linux-bluefield package in Ubuntu: Invalid Status in linux-bluefield source package in Focal: Fix Committed Bug description: * Explain the bug(s) In upstream, TCA_POLICE_PKTRATE64 was introduced after TCA_FLOWER_KEY_ENC_OPTS_ERSPAN. linux-bluefiled only has TCA_POLICE_PKTRATE64 related support and does not have ERSPAN support which might cause "ovs" project compile error because of lacking of ERSPAN related support if ovs supports ERSPAN. * Brief explanation of fixes Cherry-pick. No adaptation. Add ERSPAN support for flower to allow flower to match ERSPAN options 79b1011cb33d net: sched: allow flower to match erspan options * How to test The options can be described in the form: VER:INDEX:DIR:HWID/VER:INDEX_MASK:DIR_MASK:HWID_MASK. When ver is set to 1, index will be applied while dir and hwid will be ignored, and when ver is set to 2, dir and hwid will be used while index will be ignored. Different from geneve, only one option can be set. And also, geneve options, vxlan options or erspan options can't be set at the same time. Here's an example: # ip link add name erspan1 type erspan external # tc qdisc add dev erspan1 ingress # tc filter add dev erspan1 protocol ip parent : \ flower \ enc_src_ip 10.0.99.192 \ enc_dst_ip 10.0.99.193 \ enc_key_id 11 \ erspan_opts 1:12:0:0/1::0:0 \ ip_proto udp \ action mirred egress redirect dev eth0 * What it could break. Nothing. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2015515/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013422] Re: net: sched: allow flower to match vxlan options
** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2013422 Title: net: sched: allow flower to match vxlan options Status in linux-bluefield package in Ubuntu: Invalid Status in linux-bluefield source package in Focal: Fix Committed Bug description: * Explain the bug(s) In upstream, TCA_POLICE_PKTRATE64 was introduced after TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP. linux-bluefiled only has TCA_POLICE_PKTRATE64 related support and does not have VXLAN support which will cause "ovs" project compile error because of lacking of VXALN GBP related support. * Brief explanation of fixes Cherry-pick. No adaptation. Add VXLAN support for flower to allow flower to match vxlan options d8f9dfae49ce net: sched: allow flower to match vxlan options * How to test 1) Compile "ovs" project, build succesfully. 2) VXLAN option can be used as match condition in tc. eg: # ip link add name vxlan0 type vxlan dstport 0 external # tc qdisc add dev vxlan0 ingress # tc filter add dev vxlan0 protocol ip parent : \ flower \ enc_src_ip 10.0.99.192 \ enc_dst_ip 10.0.99.193 \ enc_key_id 11 \ vxlan_opts 01020304/ \ ip_proto udp \ action mirred egress redirect dev eth0 * What it could break. Nothing. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2013422/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2015515] [NEW] net: sched: allow flower to match erspan options
Public bug reported: * Explain the bug(s) In upstream, TCA_POLICE_PKTRATE64 was introduced after TCA_FLOWER_KEY_ENC_OPTS_ERSPAN. linux-bluefiled only has TCA_POLICE_PKTRATE64 related support and does not have ERSPAN support which might cause "ovs" project compile error because of lacking of ERSPAN related support if ovs supports ERSPAN. * Brief explanation of fixes Cherry-pick. No adaptation. Add ERSPAN support for flower to allow flower to match ERSPAN options 79b1011cb33d net: sched: allow flower to match erspan options * How to test The options can be described in the form: VER:INDEX:DIR:HWID/VER:INDEX_MASK:DIR_MASK:HWID_MASK. When ver is set to 1, index will be applied while dir and hwid will be ignored, and when ver is set to 2, dir and hwid will be used while index will be ignored. Different from geneve, only one option can be set. And also, geneve options, vxlan options or erspan options can't be set at the same time. Here's an example: # ip link add name erspan1 type erspan external # tc qdisc add dev erspan1 ingress # tc filter add dev erspan1 protocol ip parent : \ flower \ enc_src_ip 10.0.99.192 \ enc_dst_ip 10.0.99.193 \ enc_key_id 11 \ erspan_opts 1:12:0:0/1::0:0 \ ip_proto udp \ action mirred egress redirect dev eth0 * What it could break. Nothing. ** Affects: linux-bluefield (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2015515 Title: net: sched: allow flower to match erspan options Status in linux-bluefield package in Ubuntu: New Bug description: * Explain the bug(s) In upstream, TCA_POLICE_PKTRATE64 was introduced after TCA_FLOWER_KEY_ENC_OPTS_ERSPAN. linux-bluefiled only has TCA_POLICE_PKTRATE64 related support and does not have ERSPAN support which might cause "ovs" project compile error because of lacking of ERSPAN related support if ovs supports ERSPAN. * Brief explanation of fixes Cherry-pick. No adaptation. Add ERSPAN support for flower to allow flower to match ERSPAN options 79b1011cb33d net: sched: allow flower to match erspan options * How to test The options can be described in the form: VER:INDEX:DIR:HWID/VER:INDEX_MASK:DIR_MASK:HWID_MASK. When ver is set to 1, index will be applied while dir and hwid will be ignored, and when ver is set to 2, dir and hwid will be used while index will be ignored. Different from geneve, only one option can be set. And also, geneve options, vxlan options or erspan options can't be set at the same time. Here's an example: # ip link add name erspan1 type erspan external # tc qdisc add dev erspan1 ingress # tc filter add dev erspan1 protocol ip parent : \ flower \ enc_src_ip 10.0.99.192 \ enc_dst_ip 10.0.99.193 \ enc_key_id 11 \ erspan_opts 1:12:0:0/1::0:0 \ ip_proto udp \ action mirred egress redirect dev eth0 * What it could break. Nothing. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2015515/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2013422] [NEW] net: sched: allow flower to match vxlan options
Public bug reported: * Explain the bug(s) In upstream, TCA_POLICE_PKTRATE64 was introduced after TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP. linux-bluefiled only has TCA_POLICE_PKTRATE64 related support and does not have VXLAN support which will cause "ovs" project compile error because of lacking of VXALN GBP related support. * Brief explanation of fixes Cherry-pick. No adaptation. Add VXLAN support for flower to allow flower to match vxlan options d8f9dfae49ce net: sched: allow flower to match vxlan options * How to test 1) Compile "ovs" project, build succesfully. 2) VXLAN option can be used as match condition in tc. eg: # ip link add name vxlan0 type vxlan dstport 0 external # tc qdisc add dev vxlan0 ingress # tc filter add dev vxlan0 protocol ip parent : \ flower \ enc_src_ip 10.0.99.192 \ enc_dst_ip 10.0.99.193 \ enc_key_id 11 \ vxlan_opts 01020304/ \ ip_proto udp \ action mirred egress redirect dev eth0 * What it could break. Nothing. ** Affects: linux-bluefield (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/2013422 Title: net: sched: allow flower to match vxlan options Status in linux-bluefield package in Ubuntu: New Bug description: * Explain the bug(s) In upstream, TCA_POLICE_PKTRATE64 was introduced after TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP. linux-bluefiled only has TCA_POLICE_PKTRATE64 related support and does not have VXLAN support which will cause "ovs" project compile error because of lacking of VXALN GBP related support. * Brief explanation of fixes Cherry-pick. No adaptation. Add VXLAN support for flower to allow flower to match vxlan options d8f9dfae49ce net: sched: allow flower to match vxlan options * How to test 1) Compile "ovs" project, build succesfully. 2) VXLAN option can be used as match condition in tc. eg: # ip link add name vxlan0 type vxlan dstport 0 external # tc qdisc add dev vxlan0 ingress # tc filter add dev vxlan0 protocol ip parent : \ flower \ enc_src_ip 10.0.99.192 \ enc_dst_ip 10.0.99.193 \ enc_key_id 11 \ vxlan_opts 01020304/ \ ip_proto udp \ action mirred egress redirect dev eth0 * What it could break. Nothing. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2013422/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp