From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.3 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B76F1C433DB for ; Fri, 22 Jan 2021 01:19:40 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 65E0E239EE for ; Fri, 22 Jan 2021 01:19:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726042AbhAVBTg (ORCPT ); Thu, 21 Jan 2021 20:19:36 -0500 Received: from correo.us.es ([193.147.175.20]:35624 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726264AbhAVBTU (ORCPT ); Thu, 21 Jan 2021 20:19:20 -0500 Received: from antivirus1-rhel7.int (unknown [192.168.2.11]) by mail.us.es (Postfix) with ESMTP id D136F1022A2 for ; Fri, 22 Jan 2021 02:17:43 +0100 (CET) Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id C3BF8DA78F for ; Fri, 22 Jan 2021 02:17:43 +0100 (CET) Received: by antivirus1-rhel7.int (Postfix, from userid 99) id B92DEDA730; Fri, 22 Jan 2021 02:17:43 +0100 (CET) Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id 9D9E1DA73F; Fri, 22 Jan 2021 02:17:41 +0100 (CET) Received: from 192.168.1.97 (192.168.1.97) by antivirus1-rhel7.int (F-Secure/fsigk_smtp/550/antivirus1-rhel7.int); Fri, 22 Jan 2021 02:17:41 +0100 (CET) X-Virus-Status: clean(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int) Received: from us.es (unknown [90.77.255.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: 1984lsi) by entrada.int (Postfix) with ESMTPSA id 6B6C442EF9E1; Fri, 22 Jan 2021 02:17:41 +0100 (CET) Date: Fri, 22 Jan 2021 02:18:34 +0100 X-SMTPAUTHUS: auth mail.us.es From: Pablo Neira Ayuso To: Oz Shlomo Cc: Marcelo Ricardo Leitner , Roi Dayan , Saeed Mahameed , "David S. Miller" , Jakub Kicinski , netdev@vger.kernel.org, Paul Blakey , Saeed Mahameed Subject: Re: [net-next 08/15] net/mlx5e: CT: Preparation for offloading +trk+new ct rules Message-ID: <20210122011834.GA25356@salvia> References: <20210108053054.660499-9-saeed@kernel.org> <20210108214812.GB3678@horizon.localdomain> <218258b2-3a86-2d87-dfc6-8b3c1e274b26@nvidia.com> <20210111235116.GA2595@horizon.localdomain> <20210114130238.GA2676@horizon.localdomain> <20210114215052.GB2676@horizon.localdomain> <009bd8cf-df39-5346-b892-4e68a042c4b4@nvidia.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <009bd8cf-df39-5346-b892-4e68a042c4b4@nvidia.com> User-Agent: Mutt/1.10.1 (2018-07-13) X-Virus-Scanned: ClamAV using ClamSMTP Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Hi Oz, On Wed, Jan 20, 2021 at 06:09:48PM +0200, Oz Shlomo wrote: > On 1/14/2021 11:50 PM, Marcelo Ricardo Leitner wrote: > > > > Thoughts? > > > > I wonder if we should develop a generic mechanism to optimize CT software > for a use case that is faulty by design. > This has limited value for software as it would only reduce the conntrack > table size (packet classification is still required). > However, this feature may have a big impact on hardware offload. > Normally hardware offload relies on software to handle new connections. > Causing all new connections to be processed by software. > With this patch the hardware may autonomously set the +new connection state > for the relevant connections. Could you fix this issue with unidirectional flows by checking for IPS_CONFIRMED status bit? The idea is to hardware offload the entry after the first packet goes through software successfully. Then, there is no need to wait for the established state that requires to see traffic in both directions.