On Sun, Jan 10, 2021 at 09:52:55AM +0200, Roi Dayan wrote:
>
> On 2021-01-10 9:45 AM, Roi Dayan wrote:
> >
> > On 2021-01-08 11:48 PM, Marcelo Ricardo Leitner wrote:
> > > Hi,
> > >
> > > On Thu, Jan 07, 2021 at 09:30:47PM -0800, Saeed Mahameed wrote:
> > > > From: Roi Dayan <r...@nvidia.com>
> > > >
> > > > Connection tracking associates the connection state per packet. The
> > > > first packet of a connection is assigned with the +trk+new state. The
> > > > connection enters the established state once a packet is seen on the
> > > > other direction.
> > > >
> > > > Currently we offload only the established flows. However, UDP traffic
> > > > using source port entropy (e.g. vxlan, RoCE) will never enter the
> > > > established state. Such protocols do not require stateful processing,
> > > > and therefore could be offloaded.
> > >
> > > If it doesn't require stateful processing, please enlighten me on why
> > > conntrack is being used in the first place. What's the use case here?
> > >
> >
> > The use case for example is when we have vxlan traffic but we do
> > conntrack on the inner packet (rules on the physical port) so
> > we never get established but on miss we can still offload as normal
> > vxlan traffic.
> >
>
> My mistake about "inner packet". We do CT on the underlay network, i.e.
> the outer header.

I miss why the CT match is being used there then. Isn't it a config
issue/waste of resources? What is CT adding to the matches/actions
being done on these flows?

> > > >
> > > > The change in the model is that a miss on the CT table will be forwarded
> > > > to a new +trk+new ct table and a miss there will be forwarded to
> > > > the slow path table.
> > >
> > > AFAICU this new +trk+new ct table is a wildcard match on sport with
> > > specific dports. Also AFAICU, such entries will not be visible to the
> > > userspace then. Is this right?
> > >
> > > Marcelo
> > >
> >
> > right.

Thanks,
Marcelo