From: Bing Zhao <bingz@nvidia.com>
To: orika@nvidia.com, thomas@monjalon.net, ferruh.yigit@intel.com,
andrew.rybchenko@oktetlabs.ru
Cc: dev@dpdk.org, ajit.khaparde@broadcom.com, xiaoyun.li@intel.com
Subject: [dpdk-dev] [PATCH v3 3/3] doc: update for conntrack
Date: Sat, 17 Apr 2021 01:54:09 +0800 [thread overview]
Message-ID: <1618595649-157464-4-git-send-email-bingz@nvidia.com> (raw)
In-Reply-To: <1618595649-157464-1-git-send-email-bingz@nvidia.com>
The updated documentations include:
1. Release notes
2. rte_flow.rst
3. testpmd user guide
Signed-off-by: Bing Zhao <bingz@nvidia.com>
---
doc/guides/prog_guide/rte_flow.rst | 113 ++++++++++++++++++++
doc/guides/rel_notes/release_21_05.rst | 4 +
doc/guides/testpmd_app_ug/testpmd_funcs.rst | 35 ++++++
3 files changed, 152 insertions(+)
diff --git a/doc/guides/prog_guide/rte_flow.rst b/doc/guides/prog_guide/rte_flow.rst
index 2ecc48cfff..a1333819fc 100644
--- a/doc/guides/prog_guide/rte_flow.rst
+++ b/doc/guides/prog_guide/rte_flow.rst
@@ -1398,6 +1398,14 @@ Matches a eCPRI header.
- ``hdr``: eCPRI header definition (``rte_ecpri.h``).
- Default ``mask`` matches nothing, for all eCPRI messages.
+Item: ``CONNTRACK``
+^^^^^^^^^^^^^^^^^^^
+
+Matches a conntrack state after conntrack action.
+
+- ``flags``: conntrack packet state flags.
+- Default ``mask`` matches all state bits.
+
Actions
~~~~~~~
@@ -2842,6 +2850,111 @@ for ``RTE_FLOW_FIELD_VALUE`` and ``RTE_FLOW_FIELD_POINTER`` respectively.
| ``value`` | immediate value or a pointer to this value |
+---------------+----------------------------------------------------------+
+Action: ``CONNTRACK``
+^^^^^^^^^^^^^^^^^^^^^
+
+Create a conntrack (connection tracking) context with the provided information.
+
+In stateful session like TCP, the conntrack action provides the ability to
+examine every packet of this connection and associate the state to every
+packet. It will help to realize the stateful offloading with little software
+participation. For example, only the control packets like SYN / FIN or packets
+with invalid state should be handled by the software.
+
+A conntrack context should be created via ``rte_flow_action_handle_create()``
+before using. Then the handle with ``INDIRECT`` type is used for a flow rule
+creation. If a flow rule with an opposite direction needs to be created, the
+``rte_flow_action_handle_update()`` should be used to modify the direction.
+
+Not all the fields of the ``struct rte_flow_action_conntrack`` will be used
+for a conntrack context creating, depending on the HW.
+The ``struct rte_flow_modify_conntrack`` should be used for an updating.
+
+The current conntrack context information could be queried via the
+``rte_flow_action_handle_query()`` interface.
+
+.. _table_rte_flow_action_conntrack:
+
+.. table:: CONNTRACK
+
+ +--------------------------+-------------------------------------------------------------+
+ | Field | Value |
+ +==========================+=============================================================+
+ | ``peer_port`` | peer port number |
+ +--------------------------+-------------------------------------------------------------+
+ | ``is_original_dir`` | direction of this connection for flow rule creating |
+ +--------------------------+-------------------------------------------------------------+
+ | ``enable`` | enable the conntrack context |
+ +--------------------------+-------------------------------------------------------------+
+ | ``live_connection`` | one ack was seen for this connection |
+ +--------------------------+-------------------------------------------------------------+
+ | ``selective_ack`` | SACK enabled |
+ +--------------------------+-------------------------------------------------------------+
+ | ``challenge_ack_passed`` | a challenge ack has passed |
+ +--------------------------+-------------------------------------------------------------+
+ | ``last_direction`` | direction of the last passed packet |
+ +--------------------------+-------------------------------------------------------------+
+ | ``liberal_mode`` | only report state change |
+ +--------------------------+-------------------------------------------------------------+
+ | ``state`` | current state |
+ +--------------------------+-------------------------------------------------------------+
+ | ``max_ack_window`` | maximal window scaling factor |
+ +--------------------------+-------------------------------------------------------------+
+ | ``retransmission_limit`` | maximal retransmission times |
+ +--------------------------+-------------------------------------------------------------+
+ | ``original_dir`` | TCP parameters of the original direction |
+ +--------------------------+-------------------------------------------------------------+
+ | ``reply_dir`` | TCP parameters of the reply direction |
+ +--------------------------+-------------------------------------------------------------+
+ | ``last_window`` | window value of the last passed packet |
+ +--------------------------+-------------------------------------------------------------+
+ | ``last_seq`` | sequence value of the last passed packet |
+ +--------------------------+-------------------------------------------------------------+
+ | ``last_ack`` | acknowledgement value the last passed packet |
+ +--------------------------+-------------------------------------------------------------+
+ | ``last_end`` | sum acknowledgement and length value the last passed packet |
+ +--------------------------+-------------------------------------------------------------+
+
+.. _table_rte_flow_tcp_dir_param:
+
+.. table:: configuration parameters for each direction
+
+ +---------------------+---------------------------------------------------------+
+ | Field | Value |
+ +=====================+=========================================================+
+ | ``scale`` | TCP window scaling factor |
+ +---------------------+---------------------------------------------------------+
+ | ``close_initiated`` | FIN sent from this direction |
+ +---------------------+---------------------------------------------------------+
+ | ``last_ack_seen`` | an ACK packet received |
+ +---------------------+---------------------------------------------------------+
+ | ``data_unacked`` | unacknowledged data for packets from this direction |
+ +---------------------+---------------------------------------------------------+
+ | ``sent_end`` | max{seq + len} seen in sent packets |
+ +---------------------+---------------------------------------------------------+
+ | ``reply_end`` | max{sack + max{win, 1}} seen in reply packets |
+ +---------------------+---------------------------------------------------------+
+ | ``max_win`` | max{max{win, 1}} + {sack - ack} seen in sent packets |
+ +---------------------+---------------------------------------------------------+
+ | ``max_ack`` | max{ack} + seen in sent packets |
+ +---------------------+---------------------------------------------------------+
+
+.. _table_rte_flow_modify_conntrack:
+
+.. table:: update a conntrack context
+
+ +----------------+---------------------------------------+
+ | Field | Value |
+ +================+=======================================+
+ | ``new_ct`` | new conntrack information |
+ +----------------+---------------------------------------+
+ | ``direction`` | direction will be updated |
+ +----------------+---------------------------------------+
+ | ``state`` | other fields except will be updated |
+ +----------------+---------------------------------------+
+ | ``reserved`` | reserved bits |
+ +----------------+---------------------------------------+
+
Negative types
~~~~~~~~~~~~~~
diff --git a/doc/guides/rel_notes/release_21_05.rst b/doc/guides/rel_notes/release_21_05.rst
index e6f99350af..824eb72981 100644
--- a/doc/guides/rel_notes/release_21_05.rst
+++ b/doc/guides/rel_notes/release_21_05.rst
@@ -183,6 +183,10 @@ New Features
the events across multiple stages.
* This also reduced the scheduling overhead on a event device.
+* **Added conntrack support for rte_flow.**
+
+ * Added conntrack action and item for stateful offloading.
+
* **Updated testpmd.**
* Added a command line option to configure forced speed for Ethernet port.
diff --git a/doc/guides/testpmd_app_ug/testpmd_funcs.rst b/doc/guides/testpmd_app_ug/testpmd_funcs.rst
index 1fa6e2000e..4c029776aa 100644
--- a/doc/guides/testpmd_app_ug/testpmd_funcs.rst
+++ b/doc/guides/testpmd_app_ug/testpmd_funcs.rst
@@ -3791,6 +3791,8 @@ This section lists supported pattern items and their attributes, if any.
- ``s_field {unsigned}``: S field.
- ``seid {unsigned}``: session endpoint identifier.
+- ``conntrack``: match conntrack state.
+
Actions list
^^^^^^^^^^^^
@@ -4925,6 +4927,39 @@ NVGRE encapsulation header and sent to port id 0.
testpmd> flow create 0 ingress transfer pattern eth / end actions
sample ratio 1 index 0 / port_id id 2 / end
+Sample conntrack rules
+~~~~~~~~~~~~~~~~~~~~~~
+
+Conntrack rules can be set by the following commands
+
+Need to construct the connection context with provided information.
+In the first table, create a flow rule by using conntrack action and jump to
+the next table. In the next table, create a rule to check the state.
+
+::
+
+ testpmd> set conntrack com peer 1 is_orig 1 enable 1 live 1 sack 1 cack 0
+ last_dir 0 liberal 0 state 1 max_ack_win 7 r_lim 5 last_win 510
+ last_seq 2632987379 last_ack 2532480967 last_end 2632987379
+ last_index 0x8
+ testpmd> set conntrack orig scale 7 fin 0 acked 1 unack_data 0
+ sent_end 2632987379 reply_end 2633016339 max_win 28960
+ max_ack 2632987379
+ testpmd> set conntrack rply scale 7 fin 0 acked 1 unack_data 0
+ sent_end 2532480967 reply_end 2532546247 max_win 65280
+ max_ack 2532480967
+ testpmd> flow indirect_action 0 create ingress action conntrack / end
+ testpmd> flow create 0 group 3 ingress pattern eth / ipv4 / tcp / end actions indirect 0 / jump group 5 / end
+ testpmd> flow create 0 group 5 ingress pattern eth / ipv4 / tcp / conntrack is 1 / end actions queue index 5 / end
+
+Construct the conntrack again with only "is_orig" set to 0 (other fields are
+ignored), then use "update" interface to update the direction. Create flow
+rules like above for the peer port.
+
+::
+
+ testpmd> flow indirect_action 0 update 0 action conntrack_update dir / end
+
BPF Functions
--------------
--
2.19.0.windows.1
next prev parent reply other threads:[~2021-04-16 17:54 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-18 7:30 [dpdk-dev] [RFC] ethdev: introduce conntrack flow action and item Bing Zhao
2021-03-22 15:16 ` Andrew Rybchenko
2021-04-07 7:43 ` Bing Zhao
2021-03-23 23:27 ` Ajit Khaparde
2021-04-07 2:41 ` Bing Zhao
2021-04-10 13:46 ` [dpdk-dev] [PATCH] " Bing Zhao
2021-04-15 16:24 ` Ori Kam
2021-04-15 16:44 ` Bing Zhao
2021-04-15 16:41 ` [dpdk-dev] [PATCH v2 0/2] " Bing Zhao
2021-04-15 16:41 ` [dpdk-dev] [PATCH v2 1/2] " Bing Zhao
2021-04-16 10:49 ` Thomas Monjalon
2021-04-16 18:18 ` Bing Zhao
2021-04-16 12:41 ` Ori Kam
2021-04-16 18:05 ` Bing Zhao
2021-04-16 21:47 ` Ajit Khaparde
2021-04-17 6:10 ` Bing Zhao
2021-04-17 14:54 ` Ajit Khaparde
2021-04-15 16:41 ` [dpdk-dev] [PATCH v2 2/2] app/testpmd: add CLI for conntrack Bing Zhao
2021-04-16 8:46 ` Ori Kam
2021-04-16 18:20 ` Bing Zhao
2021-04-16 17:54 ` [dpdk-dev] [PATCH v3 0/3] ethdev: introduce conntrack flow action and item Bing Zhao
2021-04-16 17:54 ` [dpdk-dev] [PATCH v3 1/3] " Bing Zhao
2021-04-16 18:30 ` Ajit Khaparde
2021-04-19 14:08 ` Thomas Monjalon
2021-04-19 16:21 ` Bing Zhao
2021-04-19 14:06 ` Thomas Monjalon
2021-04-19 16:13 ` Bing Zhao
2021-04-16 17:54 ` [dpdk-dev] [PATCH v3 2/3] app/testpmd: add CLI for conntrack Bing Zhao
2021-04-16 17:54 ` Bing Zhao [this message]
2021-04-16 18:22 ` [dpdk-dev] [PATCH v3 3/3] doc: update " Thomas Monjalon
2021-04-16 18:30 ` Ajit Khaparde
2021-04-19 17:28 ` Bing Zhao
2021-04-19 17:16 ` [dpdk-dev] [PATCH v4 0/3] ethdev: introduce conntrack flow action and item Bing Zhao
2021-04-19 17:16 ` [dpdk-dev] [PATCH v4 1/3] " Bing Zhao
2021-04-19 17:33 ` Ori Kam
2021-04-19 17:16 ` [dpdk-dev] [PATCH v4 2/3] app/testpmd: add CLI for conntrack Bing Zhao
2021-04-19 17:35 ` Ori Kam
2021-04-19 17:16 ` [dpdk-dev] [PATCH v4 3/3] doc: update " Bing Zhao
2021-04-19 17:32 ` Thomas Monjalon
2021-04-19 17:37 ` Ori Kam
2021-04-19 17:51 ` [dpdk-dev] [PATCH v5 0/2] ethdev: introduce conntrack flow action and item Bing Zhao
2021-04-19 17:51 ` [dpdk-dev] [PATCH v5 1/2] " Bing Zhao
2021-04-19 18:07 ` Thomas Monjalon
2021-04-19 23:29 ` Ferruh Yigit
2021-04-19 17:51 ` [dpdk-dev] [PATCH v5 2/2] app/testpmd: add CLI for conntrack Bing Zhao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1618595649-157464-4-git-send-email-bingz@nvidia.com \
--to=bingz@nvidia.com \
--cc=ajit.khaparde@broadcom.com \
--cc=andrew.rybchenko@oktetlabs.ru \
--cc=dev@dpdk.org \
--cc=ferruh.yigit@intel.com \
--cc=orika@nvidia.com \
--cc=thomas@monjalon.net \
--cc=xiaoyun.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.