| 2023-02-22 22:47:32 |
William Tu |
bug |
|
|
added bug |
| 2023-02-22 23:19:32 |
William Tu |
description |
* Explain the bug(s)
When CT HW offload is enabled, the CT stats does not show the stats of the offloaded flow.
Ex: using
cat /proc/net/nf_conntrack, or conntrack -L
shows only the software CT stats, not the offloaded CT stats
* Brief explanation of fixes
Cherry-pick. No adaptation. First commit for SW, second commit of HW offloaded rules.
ef803b3cf96a netfilter: flowtable: add counter support in HW offload
9312eabab4a6 netfilter: conntrack: add nf_ct_acct_add()
* How to test
Enable nf_conn_acct, enable HW offload using OVS or tc-flower, and check ct stats.
ex:
ovs-vsctl get Open_vSwitch . other_config
{hw-offload="true"}
ovs-appctl dpctl/dump-flows type=offloaded
ovs-appctl dpctl/dump-conntrack
* What it could break.
Nothing. |
* Explain the bug(s)
When CT HW offload is enabled, the CT stats does not show the stats of the offloaded flow.
Ex: using
cat /proc/net/nf_conntrack, or conntrack -L
shows only the software CT stats, not the offloaded CT stats
* Brief explanation of fixes
Cherry-pick. No adaptation. First commit for SW, second commit of HW offloaded rules.
ef803b3cf96a netfilter: flowtable: add counter support in HW offload
9312eabab4a6 netfilter: conntrack: add nf_ct_acct_add()
note: need to change a little due to cherry-pick conflict with
24384e28586c netfilter: flowtable: Set offload timeouts according to proto values
* How to test
Enable nf_conn_acct, enable HW offload using OVS or tc-flower, and check ct stats.
ex:
ovs-vsctl get Open_vSwitch . other_config
{hw-offload="true"}
ovs-appctl dpctl/dump-flows type=offloaded
ovs-appctl dpctl/dump-conntrack
* What it could break.
Nothing. |
|
| 2023-02-23 17:04:13 |
William Tu |
description |
* Explain the bug(s)
When CT HW offload is enabled, the CT stats does not show the stats of the offloaded flow.
Ex: using
cat /proc/net/nf_conntrack, or conntrack -L
shows only the software CT stats, not the offloaded CT stats
* Brief explanation of fixes
Cherry-pick. No adaptation. First commit for SW, second commit of HW offloaded rules.
ef803b3cf96a netfilter: flowtable: add counter support in HW offload
9312eabab4a6 netfilter: conntrack: add nf_ct_acct_add()
note: need to change a little due to cherry-pick conflict with
24384e28586c netfilter: flowtable: Set offload timeouts according to proto values
* How to test
Enable nf_conn_acct, enable HW offload using OVS or tc-flower, and check ct stats.
ex:
ovs-vsctl get Open_vSwitch . other_config
{hw-offload="true"}
ovs-appctl dpctl/dump-flows type=offloaded
ovs-appctl dpctl/dump-conntrack
* What it could break.
Nothing. |
* Explain the bug(s)
When CT HW offload is enabled, the CT stats does not show the stats of the offloaded flow.
Ex: using
cat /proc/net/nf_conntrack, or conntrack -L
shows only the software CT stats, not the offloaded CT stats
* Brief explanation of fixes
Cherry-pick. No adaptation. First commit for SW, second commit of HW offloaded rules.
ef803b3cf96a netfilter: flowtable: add counter support in HW offload
9312eabab4a6 netfilter: conntrack: add nf_ct_acct_add()
note: need to change a little due to cherry-pick conflict with
24384e28586c netfilter: flowtable: Set offload timeouts according to proto values
* How to test
Create OVS bridge with 2 devices mlx5 rep devices.
Enable HW offload and configure regular connection tracking OpenFlow rules:
e.g:
ovs-ofctl del-flows br-ovs
ovs-ofctl add-flow br-ovs arp,actions=normal
ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)"
ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal"
ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal"
Run a TCP connection, e.g:
on mlx5 VF1 iperf -s
on mlx5 VF2 iperf -c <ip> -t 10
Optional: In different terminal, while traffic is running, check for offload:
tcpdump -nnepi <RELEVANT_MLX5_REP> tcp
and see no iperf tcp packets.
Dump conntrack with relevant ip:
cat /proc/net/nf_conntrack | grep -i <ip>
See counters (packets=.*) advancing while tuples were offloaded:
ipv4 2 tcp 6 src=1.1.1.2 dst=1.1.1.3 sport=56394 dport=5001 packets=2 bytes=112 src=1.1.1.3 dst=1.1.1.2 sport=5001 dport=56394 packets=1777 bytes=665340 [HW_OFFLOAD] mark=0 zone=0 use=3
* What it could break.
Nothing. |
|
| 2023-02-23 17:04:39 |
William Tu |
summary |
Add HW offloaded CT stats |
netfilter: flowtable: add counter support in HW offload |
|
| 2023-02-23 17:05:24 |
William Tu |
description |
* Explain the bug(s)
When CT HW offload is enabled, the CT stats does not show the stats of the offloaded flow.
Ex: using
cat /proc/net/nf_conntrack, or conntrack -L
shows only the software CT stats, not the offloaded CT stats
* Brief explanation of fixes
Cherry-pick. No adaptation. First commit for SW, second commit of HW offloaded rules.
ef803b3cf96a netfilter: flowtable: add counter support in HW offload
9312eabab4a6 netfilter: conntrack: add nf_ct_acct_add()
note: need to change a little due to cherry-pick conflict with
24384e28586c netfilter: flowtable: Set offload timeouts according to proto values
* How to test
Create OVS bridge with 2 devices mlx5 rep devices.
Enable HW offload and configure regular connection tracking OpenFlow rules:
e.g:
ovs-ofctl del-flows br-ovs
ovs-ofctl add-flow br-ovs arp,actions=normal
ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)"
ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal"
ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal"
Run a TCP connection, e.g:
on mlx5 VF1 iperf -s
on mlx5 VF2 iperf -c <ip> -t 10
Optional: In different terminal, while traffic is running, check for offload:
tcpdump -nnepi <RELEVANT_MLX5_REP> tcp
and see no iperf tcp packets.
Dump conntrack with relevant ip:
cat /proc/net/nf_conntrack | grep -i <ip>
See counters (packets=.*) advancing while tuples were offloaded:
ipv4 2 tcp 6 src=1.1.1.2 dst=1.1.1.3 sport=56394 dport=5001 packets=2 bytes=112 src=1.1.1.3 dst=1.1.1.2 sport=5001 dport=56394 packets=1777 bytes=665340 [HW_OFFLOAD] mark=0 zone=0 use=3
* What it could break.
Nothing. |
* Explain the bug(s)
While conntrack tuples are offloaded to hardware and conntrack packet accounting is enabled, offloaded packets aren't counted.
* Brief explanation of fixes
Cherry-pick. No adaptation. First commit for SW, second commit of HW offloaded rules.
ef803b3cf96a netfilter: flowtable: add counter support in HW offload
9312eabab4a6 netfilter: conntrack: add nf_ct_acct_add()
note: need to change a little due to cherry-pick conflict with
24384e28586c netfilter: flowtable: Set offload timeouts according to proto values
* How to test
Create OVS bridge with 2 devices mlx5 rep devices.
Enable HW offload and configure regular connection tracking OpenFlow rules:
e.g:
ovs-ofctl del-flows br-ovs
ovs-ofctl add-flow br-ovs arp,actions=normal
ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)"
ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal"
ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal"
Run a TCP connection, e.g:
on mlx5 VF1 iperf -s
on mlx5 VF2 iperf -c <ip> -t 10
Optional: In different terminal, while traffic is running, check for offload:
tcpdump -nnepi <RELEVANT_MLX5_REP> tcp
and see no iperf tcp packets.
Dump conntrack with relevant ip:
cat /proc/net/nf_conntrack | grep -i <ip>
See counters (packets=.*) advancing while tuples were offloaded:
ipv4 2 tcp 6 src=1.1.1.2 dst=1.1.1.3 sport=56394 dport=5001 packets=2 bytes=112 src=1.1.1.3 dst=1.1.1.2 sport=5001 dport=56394 packets=1777 bytes=665340 [HW_OFFLOAD] mark=0 zone=0 use=3
* What it could break.
Nothing. |
|
| 2023-02-23 18:39:55 |
Tim Gardner |
nominated for series |
|
Ubuntu Focal |
|
| 2023-02-23 18:39:55 |
Tim Gardner |
bug task added |
|
linux-bluefield (Ubuntu Focal) |
|
| 2023-02-23 18:40:37 |
Tim Gardner |
linux-bluefield (Ubuntu Focal): importance |
Undecided |
Medium |
|
| 2023-02-23 18:40:37 |
Tim Gardner |
linux-bluefield (Ubuntu Focal): status |
New |
In Progress |
|
| 2023-02-23 18:40:37 |
Tim Gardner |
linux-bluefield (Ubuntu Focal): assignee |
|
William Tu (wtu) |
|
| 2023-03-10 18:10:35 |
Bartlomiej Zolnierkiewicz |
linux-bluefield (Ubuntu Focal): status |
In Progress |
Fix Committed |
|
| 2023-03-10 18:10:45 |
Bartlomiej Zolnierkiewicz |
linux-bluefield (Ubuntu Focal): status |
Fix Committed |
In Progress |
|
| 2023-03-21 19:17:03 |
William Tu |
linux-bluefield (Ubuntu Focal): status |
In Progress |
Confirmed |
|
| 2023-03-21 20:14:46 |
William Tu |
linux-bluefield (Ubuntu Focal): status |
Confirmed |
In Progress |
|
| 2023-03-27 15:42:15 |
Kleber Sacilotto de Souza |
linux-bluefield (Ubuntu Focal): status |
In Progress |
Fix Committed |
|
| 2023-04-05 07:34:32 |
Ubuntu Kernel Bot |
tags |
|
kernel-spammed-focal-linux-bluefield verification-needed-focal |
|
| 2023-04-12 22:12:25 |
William Tu |
description |
* Explain the bug(s)
While conntrack tuples are offloaded to hardware and conntrack packet accounting is enabled, offloaded packets aren't counted.
* Brief explanation of fixes
Cherry-pick. No adaptation. First commit for SW, second commit of HW offloaded rules.
ef803b3cf96a netfilter: flowtable: add counter support in HW offload
9312eabab4a6 netfilter: conntrack: add nf_ct_acct_add()
note: need to change a little due to cherry-pick conflict with
24384e28586c netfilter: flowtable: Set offload timeouts according to proto values
* How to test
Create OVS bridge with 2 devices mlx5 rep devices.
Enable HW offload and configure regular connection tracking OpenFlow rules:
e.g:
ovs-ofctl del-flows br-ovs
ovs-ofctl add-flow br-ovs arp,actions=normal
ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)"
ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal"
ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal"
Run a TCP connection, e.g:
on mlx5 VF1 iperf -s
on mlx5 VF2 iperf -c <ip> -t 10
Optional: In different terminal, while traffic is running, check for offload:
tcpdump -nnepi <RELEVANT_MLX5_REP> tcp
and see no iperf tcp packets.
Dump conntrack with relevant ip:
cat /proc/net/nf_conntrack | grep -i <ip>
See counters (packets=.*) advancing while tuples were offloaded:
ipv4 2 tcp 6 src=1.1.1.2 dst=1.1.1.3 sport=56394 dport=5001 packets=2 bytes=112 src=1.1.1.3 dst=1.1.1.2 sport=5001 dport=56394 packets=1777 bytes=665340 [HW_OFFLOAD] mark=0 zone=0 use=3
* What it could break.
Nothing. |
* Explain the bug(s)
While conntrack tuples are offloaded to hardware and conntrack packet accounting is enabled, offloaded packets aren't counted.
* Brief explanation of fixes
Cherry-pick. No adaptation. First commit for SW, second commit of HW offloaded rules.
ef803b3cf96a netfilter: flowtable: add counter support in HW offload
9312eabab4a6 netfilter: conntrack: add nf_ct_acct_add()
note: need to change a little due to cherry-pick conflict with
24384e28586c netfilter: flowtable: Set offload timeouts according to proto values
* How to test
Create OVS bridge with 2 devices mlx5 rep devices.
Enable HW offload and configure regular connection tracking OpenFlow rules:
e.g:
ovs-ofctl del-flows br-ovs
ovs-ofctl add-flow br-ovs arp,actions=normal
ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)"
ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal"
ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal"
Run a TCP connection, e.g:
on mlx5 VF1 iperf -s
on mlx5 VF2 iperf -c <ip> -t 10
Optional: In different terminal, while traffic is running, check for offload:
tcpdump -nnepi <RELEVANT_MLX5_REP> tcp
and see no iperf tcp packets.
Dump conntrack with relevant ip:
echo "1" > /proc/sys/net/netfilter/nf_conntrack_acct
cat /proc/net/nf_conntrack | grep -i <ip>
See counters (packets=.*) advancing while tuples were offloaded:
ipv4 2 tcp 6 src=1.1.1.2 dst=1.1.1.3 sport=56394 dport=5001 packets=2 bytes=112 src=1.1.1.3 dst=1.1.1.2 sport=5001 dport=56394 packets=1777 bytes=665340 [HW_OFFLOAD] mark=0 zone=0 use=3
* What it could break.
Nothing. |
|
| 2023-04-13 01:14:11 |
Meriton Tuli |
tags |
kernel-spammed-focal-linux-bluefield verification-needed-focal |
kernel-spammed-focal-linux-bluefield verification-done-focal |
|
| 2023-04-13 09:13:02 |
Launchpad Janitor |
linux-bluefield (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
| 2023-04-13 09:13:02 |
Launchpad Janitor |
cve linked |
|
2021-3669 |
|
| 2023-04-13 09:13:02 |
Launchpad Janitor |
cve linked |
|
2022-2196 |
|
| 2023-04-13 09:13:02 |
Launchpad Janitor |
cve linked |
|
2022-4382 |
|
| 2023-04-13 09:13:02 |
Launchpad Janitor |
cve linked |
|
2023-23559 |
|
