** Description changed: * Explain the bug(s) When CT HW offload is enabled, the CT stats does not show the stats of the offloaded flow. Ex: using cat /proc/net/nf_conntrack, or conntrack -L shows only the software CT stats, not the offloaded CT stats * Brief explanation of fixes Cherry-pick. No adaptation. First commit for SW, second commit of HW offloaded rules. ef803b3cf96a netfilter: flowtable: add counter support in HW offload 9312eabab4a6 netfilter: conntrack: add nf_ct_acct_add() note: need to change a little due to cherry-pick conflict with 24384e28586c netfilter: flowtable: Set offload timeouts according to proto values * How to test + Create OVS bridge with 2 devices mlx5 rep devices. + Enable HW offload and configure regular connection tracking OpenFlow rules: - Enable nf_conn_acct, enable HW offload using OVS or tc-flower, and check ct stats. - ex: - ovs-vsctl get Open_vSwitch . other_config - {hw-offload="true"} - ovs-appctl dpctl/dump-flows type=offloaded - ovs-appctl dpctl/dump-conntrack + e.g: + ovs-ofctl del-flows br-ovs + ovs-ofctl add-flow br-ovs arp,actions=normal + ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" + ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" + ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal" + + Run a TCP connection, e.g: + on mlx5 VF1 iperf -s + on mlx5 VF2 iperf -c <ip> -t 10 + + Optional: In different terminal, while traffic is running, check for offload: + tcpdump -nnepi <RELEVANT_MLX5_REP> tcp + + and see no iperf tcp packets. + Dump conntrack with relevant ip: + cat /proc/net/nf_conntrack | grep -i <ip> + + See counters (packets=.*) advancing while tuples were offloaded: + ipv4 2 tcp 6 src=1.1.1.2 dst=1.1.1.3 sport=56394 dport=5001 packets=2 bytes=112 src=1.1.1.3 dst=1.1.1.2 sport=5001 dport=56394 packets=1777 bytes=665340 [HW_OFFLOAD] mark=0 zone=0 use=3 + + * What it could break. Nothing.
** Summary changed: - Add HW offloaded CT stats + netfilter: flowtable: add counter support in HW offload ** Description changed: * Explain the bug(s) - When CT HW offload is enabled, the CT stats does not show the stats of the offloaded flow. - Ex: using - cat /proc/net/nf_conntrack, or conntrack -L - shows only the software CT stats, not the offloaded CT stats + While conntrack tuples are offloaded to hardware and conntrack packet + accounting is enabled, offloaded packets aren't counted. * Brief explanation of fixes Cherry-pick. No adaptation. First commit for SW, second commit of HW offloaded rules. ef803b3cf96a netfilter: flowtable: add counter support in HW offload 9312eabab4a6 netfilter: conntrack: add nf_ct_acct_add() note: need to change a little due to cherry-pick conflict with 24384e28586c netfilter: flowtable: Set offload timeouts according to proto values * How to test Create OVS bridge with 2 devices mlx5 rep devices. Enable HW offload and configure regular connection tracking OpenFlow rules: e.g: - ovs-ofctl del-flows br-ovs - ovs-ofctl add-flow br-ovs arp,actions=normal - ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" - ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" - ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal" - + ovs-ofctl del-flows br-ovs + ovs-ofctl add-flow br-ovs arp,actions=normal + ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" + ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" + ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal" Run a TCP connection, e.g: on mlx5 VF1 iperf -s - on mlx5 VF2 iperf -c <ip> -t 10 + on mlx5 VF2 iperf -c <ip> -t 10 Optional: In different terminal, while traffic is running, check for offload: tcpdump -nnepi <RELEVANT_MLX5_REP> tcp and see no iperf tcp packets. 
Dump conntrack with relevant ip: cat /proc/net/nf_conntrack | grep -i <ip> See counters (packets=.*) advancing while tuples were offloaded: ipv4 2 tcp 6 src=1.1.1.2 dst=1.1.1.3 sport=56394 dport=5001 packets=2 bytes=112 src=1.1.1.3 dst=1.1.1.2 sport=5001 dport=56394 packets=1777 bytes=665340 [HW_OFFLOAD] mark=0 zone=0 use=3 - * What it could break. Nothing.

--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/2008136

Title:
  netfilter: flowtable: add counter support in HW offload

Status in linux-bluefield package in Ubuntu:
  New

Bug description:
  * Explain the bug(s)

  While conntrack tuples are offloaded to hardware and conntrack packet
  accounting is enabled, offloaded packets aren't counted.

  * Brief explanation of fixes

  Cherry-pick. No adaptation.
  First commit for SW, second commit of HW offloaded rules.

  ef803b3cf96a netfilter: flowtable: add counter support in HW offload
  9312eabab4a6 netfilter: conntrack: add nf_ct_acct_add()

  note: need to change a little due to cherry-pick conflict with
  24384e28586c netfilter: flowtable: Set offload timeouts according to proto values

  * How to test

  Create OVS bridge with 2 devices mlx5 rep devices.
  Enable HW offload and configure regular connection tracking OpenFlow rules:

  e.g:
  ovs-ofctl del-flows br-ovs
  ovs-ofctl add-flow br-ovs arp,actions=normal
  ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)"
  ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal"
  ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal"

  Run a TCP connection, e.g:
  on mlx5 VF1 iperf -s
  on mlx5 VF2 iperf -c <ip> -t 10

  Optional: In different terminal, while traffic is running, check for offload:
  tcpdump -nnepi <RELEVANT_MLX5_REP> tcp

  and see no iperf tcp packets.

  Dump conntrack with relevant ip:
  cat /proc/net/nf_conntrack | grep -i <ip>

  See counters (packets=.*) advancing while tuples were offloaded:
  ipv4 2 tcp 6 src=1.1.1.2 dst=1.1.1.3 sport=56394 dport=5001 packets=2 bytes=112 src=1.1.1.3 dst=1.1.1.2 sport=5001 dport=56394 packets=1777 bytes=665340 [HW_OFFLOAD] mark=0 zone=0 use=3

  * What it could break.

  Nothing.
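A check for the last test step (counters advancing on [HW_OFFLOAD] entries), as an added example that is not part of the bug report or the kernel patches: it compares two snapshots of /proc/net/nf_conntrack text taken while traffic is running. The function names, status labels and sample flows are constructed for illustration.

```python
TUPLE_KEYS = ("src", "dst", "sport", "dport")
# Constructed sample lines modelled on the entry quoted in the report;
# only the source port and the packet counters vary between them.
LINE = ("ipv4 2 tcp 6 src=1.1.1.2 dst=1.1.1.3 sport={sp} dport=5001 "
        "packets={op} bytes=112 src=1.1.1.3 dst=1.1.1.2 sport=5001 dport={sp} "
        "packets={rp} bytes=665340 [HW_OFFLOAD] mark=0 zone=0 use=3")
BEFORE = "\n".join([LINE.format(sp=56394, op=2, rp=1777), LINE.format(sp=56400, op=3, rp=2)])
AFTER = "\n".join([LINE.format(sp=56394, op=2, rp=9120), LINE.format(sp=56400, op=3, rp=2)])

def parse_entry(line):
    """Split one conntrack line into protocol, [FLAGS] and per-direction fields."""
    tokens = line.split()
    entry = {"proto": tokens[2], "flags": set(), "dirs": []}
    for tok in tokens[3:]:
        if tok.startswith("[") and tok.endswith("]"):
            entry["flags"].add(tok[1:-1])
        elif "=" in tok:
            key, value = tok.split("=", 1)
            if key == "src":  # each direction (original, reply) starts with src=
                entry["dirs"].append({})
            if entry["dirs"] and key in TUPLE_KEYS + ("packets", "bytes"):
                entry["dirs"][-1][key] = value
    return entry

def snapshot(text):
    """Index entries by protocol plus original-direction tuple."""
    entries = (parse_entry(l) for l in text.splitlines() if l.strip())
    return {(e["proto"],) + tuple(e["dirs"][0].get(k) for k in TUPLE_KEYS): e
            for e in entries if e["dirs"]}

def check_offloaded(before_text, after_text):
    """Classify every HW_OFFLOAD flow in the later snapshot."""
    before, after = snapshot(before_text), snapshot(after_text)
    report = {}
    for key, cur in after.items():
        if "HW_OFFLOAD" not in cur["flags"]:
            continue
        if any("packets" not in d for d in cur["dirs"]):
            report[key] = "no-acct"   # accounting fields absent from the entry
        elif key not in before:
            report[key] = "new"       # nothing to compare against yet
        else:
            deltas = [int(c["packets"]) - int(p.get("packets", 0))
                      for c, p in zip(cur["dirs"], before[key]["dirs"])]
            # "stalled" during known traffic is the symptom the report describes
            report[key] = "advancing" if any(d > 0 for d in deltas) else "stalled"
    return report

if __name__ == "__main__":
    for flow, status in check_offloaded(BEFORE, AFTER).items():
        print(status, flow)
```

A "stalled" result only indicates missing hardware counters when the flow is known to be carrying traffic, as in the iperf step; an idle connection produces the same result.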