On 2021-01-08 11:48 PM, Marcelo Ricardo Leitner wrote:
Hi,
On Thu, Jan 07, 2021 at 09:30:47PM -0800, Saeed Mahameed wrote:
From: Roi Dayan <r...@nvidia.com>
Connection tracking associates the connection state per packet. The
first packet of a connection is assigned with the +trk+new state. The
connection enters the established state once a packet is seen in the
other direction.
Currently we offload only the established flows. However, UDP traffic
using source port entropy (e.g. vxlan, RoCE) will never enter the
established state. Such protocols do not require stateful processing,
and therefore could be offloaded.
If it doesn't require stateful processing, please enlighten me on why
conntrack is being used in the first place. What's the use case here?
The use case, for example, is when we have vxlan traffic but we do
conntrack on the inner packet (rules on the physical port), so
we never get established, but on miss we can still offload as normal
vxlan traffic.
The change in the model is that a miss on the CT table will be forwarded
to a new +trk+new ct table and a miss there will be forwarded to the slow
path table.
AFAICU this new +trk+new ct table is a wildcard match on sport with
specific dports. Also AFAICU, such entries will not be visible to the
userspace then. Is this right?
Marcelo
right.