From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.6 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 37137C433B4 for ; Fri, 16 Apr 2021 18:30:21 +0000 (UTC) Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by mail.kernel.org (Postfix) with ESMTP id 9CA6A610FB for ; Fri, 16 Apr 2021 18:30:20 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 9CA6A610FB Authentication-Results: mail.kernel.org; dmarc=fail (p=quarantine dis=none) header.from=broadcom.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=dev-bounces@dpdk.org Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id AD333161D46; Fri, 16 Apr 2021 20:30:19 +0200 (CEST) Received: from mail-qk1-f179.google.com (mail-qk1-f179.google.com [209.85.222.179]) by mails.dpdk.org (Postfix) with ESMTP id 51CE6161D3F for ; Fri, 16 Apr 2021 20:30:18 +0200 (CEST) Received: by mail-qk1-f179.google.com with SMTP id h13so11176886qka.2 for ; Fri, 16 Apr 2021 11:30:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=f9pjrxeQOI6SvdyG1rdpHZDrrNZYTWQTrVUauKZkZdw=; b=DhyZlyBprnAwGLOgU3QnLxeHgnDDjUN0rIvh9474lkPOKSnH81EihY6wPIaOShDTQB Wp5B51plCTBF8xNtE66zfAyYdGQLmP2eeod9EC5i+CWA/EWAY/6+cuctxY8/F0BQRCMm DttHGkc3a9ievf2GSbpKox5t5EM66loja5qYk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=f9pjrxeQOI6SvdyG1rdpHZDrrNZYTWQTrVUauKZkZdw=; b=LKprFGc05jlpu2DQaooyNmQtjKyUuPlvpfDydGL1xbKow4rmro/lIEd1g3V4KroCd9 SO5YejbLMziVkdnI1K9i0DAkMYWLB0M+FsWGZDP+HfEcwo0BtexRlr21pt0R4nAfN+Os ymZPqtzjaowaRtTJMRpD1HmDpWvn8WOROL7+ixNuWL8ksYMQ8qm8oTfjLGliVQwTBi8M nr3BPzdogeivgOo//JEba0v4RDaLyUlPOz+WBptjrQiXbUwkmCgJ8hb6UJ+oOKBk/PJ0 7RDdJb0mEhepLMPSUPOx5WFM19VITSEWD1quWvkFOsFYMUne8K9cgTjvp0hrftRKwsyl F8Gw== X-Gm-Message-State: AOAM532LjHU3BQ026uACIklhWSUspxUlGTxIgc7ZoHTNhfaHVQo+w2bu xQH4VqAplgq4uH0x1ZZBuBCElEh1OG0Iw+lPNTkN4Q== X-Google-Smtp-Source: ABdhPJy74QWQ4K6fuAPsANNmCKVPmA5klKnB0QHkncY3Fs61k8+6vANJm2lh9ONgclJzPtmBXn64Z4pR/KoksN7NTu4= X-Received: by 2002:ae9:e8d5:: with SMTP id a204mr523720qkg.409.1618597817432; Fri, 16 Apr 2021 11:30:17 -0700 (PDT) MIME-Version: 1.0 References: <1618062393-205611-1-git-send-email-bingz@nvidia.com> <1618595649-157464-1-git-send-email-bingz@nvidia.com> <1618595649-157464-4-git-send-email-bingz@nvidia.com> In-Reply-To: <1618595649-157464-4-git-send-email-bingz@nvidia.com> From: Ajit Khaparde Date: Fri, 16 Apr 2021 11:30:01 -0700 Message-ID: To: Bing Zhao Cc: Ori Kam , Thomas Monjalon , Ferruh Yigit , Andrew Rybchenko , dpdk-dev , Xiaoyun Li Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="000000000000f8a64f05c01b2bfc" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 Subject: Re: [dpdk-dev] [PATCH v3 3/3] doc: update for conntrack X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" --000000000000f8a64f05c01b2bfc Content-Type: text/plain; charset="UTF-8" On Fri, Apr 16, 2021 at 10:54 AM Bing Zhao wrote: > > The updated documentations include: > 1. Release notes > 2. rte_flow.rst > 3. testpmd user guide > > Signed-off-by: Bing Zhao > --- > doc/guides/prog_guide/rte_flow.rst | 113 ++++++++++++++++++++ > doc/guides/rel_notes/release_21_05.rst | 4 + > doc/guides/testpmd_app_ug/testpmd_funcs.rst | 35 ++++++ > 3 files changed, 152 insertions(+) > > diff --git a/doc/guides/prog_guide/rte_flow.rst b/doc/guides/prog_guide/rte_flow.rst > index 2ecc48cfff..a1333819fc 100644 > --- a/doc/guides/prog_guide/rte_flow.rst > +++ b/doc/guides/prog_guide/rte_flow.rst > @@ -1398,6 +1398,14 @@ Matches a eCPRI header. > - ``hdr``: eCPRI header definition (``rte_ecpri.h``). > - Default ``mask`` matches nothing, for all eCPRI messages. > > +Item: ``CONNTRACK`` > +^^^^^^^^^^^^^^^^^^^ > + > +Matches a conntrack state after conntrack action. > + > +- ``flags``: conntrack packet state flags. > +- Default ``mask`` matches all state bits. > + > Actions > ~~~~~~~ > > @@ -2842,6 +2850,111 @@ for ``RTE_FLOW_FIELD_VALUE`` and ``RTE_FLOW_FIELD_POINTER`` respectively. > | ``value`` | immediate value or a pointer to this value | > +---------------+----------------------------------------------------------+ > > +Action: ``CONNTRACK`` > +^^^^^^^^^^^^^^^^^^^^^ > + > +Create a conntrack (connection tracking) context with the provided information. > + > +In stateful session like TCP, the conntrack action provides the ability to > +examine every packet of this connection and associate the state to every > +packet. It will help to realize the stateful offloading with little software s/stateful offloading/stateful offload of connections > +participation. For example, only the control packets like SYN / FIN or packets > +with invalid state should be handled by the software. s/invalid state should be handled by the software/invalid state may be handled by the software while the rest of the control frames may be handled in hardware. > + > +A conntrack context should be created via ``rte_flow_action_handle_create()`` > +before using. Then the handle with ``INDIRECT`` type is used for a flow rule > +creation. If a flow rule with an opposite direction needs to be created, the > +``rte_flow_action_handle_update()`` should be used to modify the direction. > + > +Not all the fields of the ``struct rte_flow_action_conntrack`` will be used > +for a conntrack context creating, depending on the HW. s/context creating/context creation. s/depending on the HW./This capability will depend on the underlying hardware > +The ``struct rte_flow_modify_conntrack`` should be used for an updating. > + > +The current conntrack context information could be queried via the > +``rte_flow_action_handle_query()`` interface. > + > +.. _table_rte_flow_action_conntrack: > + > +.. table:: CONNTRACK > + > + +--------------------------+-------------------------------------------------------------+ > + | Field | Value | > + +==========================+=============================================================+ > + | ``peer_port`` | peer port number | > + +--------------------------+-------------------------------------------------------------+ > + | ``is_original_dir`` | direction of this connection for flow rule creating | s/for flow rule creating/for creating flow rule > + +--------------------------+-------------------------------------------------------------+ > + | ``enable`` | enable the conntrack context | > + +--------------------------+-------------------------------------------------------------+ > + | ``live_connection`` | one ack was seen for this connection | > + +--------------------------+-------------------------------------------------------------+ > + | ``selective_ack`` | SACK enabled | > + +--------------------------+-------------------------------------------------------------+ > + | ``challenge_ack_passed`` | a challenge ack has passed | > + +--------------------------+-------------------------------------------------------------+ > + | ``last_direction`` | direction of the last passed packet | > + +--------------------------+-------------------------------------------------------------+ > + | ``liberal_mode`` | only report state change | > + +--------------------------+-------------------------------------------------------------+ > + | ``state`` | current state | > + +--------------------------+-------------------------------------------------------------+ > + | ``max_ack_window`` | maximal window scaling factor | > + +--------------------------+-------------------------------------------------------------+ > + | ``retransmission_limit`` | maximal retransmission times | s/times/limit > + +--------------------------+-------------------------------------------------------------+ > + | ``original_dir`` | TCP parameters of the original direction | > + +--------------------------+-------------------------------------------------------------+ > + | ``reply_dir`` | TCP parameters of the reply direction | > + +--------------------------+-------------------------------------------------------------+ > + | ``last_window`` | window value of the last passed packet | s/value/size > + +--------------------------+-------------------------------------------------------------+ > + | ``last_seq`` | sequence value of the last passed packet | s/value/number > + +--------------------------+-------------------------------------------------------------+ > + | ``last_ack`` | acknowledgement value the last passed packet | s/value/number > + +--------------------------+-------------------------------------------------------------+ > + | ``last_end`` | sum acknowledgement and length value the last passed packet | sum of ack number and length of the last passed packet or sum of acknowledgement number and length of the last passed packet > + +--------------------------+-------------------------------------------------------------+ > + > +.. _table_rte_flow_tcp_dir_param: > + > +.. table:: configuration parameters for each direction > + > + +---------------------+---------------------------------------------------------+ > + | Field | Value | > + +=====================+=========================================================+ > + | ``scale`` | TCP window scaling factor | > + +---------------------+---------------------------------------------------------+ > + | ``close_initiated`` | FIN sent from this direction | > + +---------------------+---------------------------------------------------------+ > + | ``last_ack_seen`` | an ACK packet received | > + +---------------------+---------------------------------------------------------+ > + | ``data_unacked`` | unacknowledged data for packets from this direction | > + +---------------------+---------------------------------------------------------+ > + | ``sent_end`` | max{seq + len} seen in sent packets | > + +---------------------+---------------------------------------------------------+ > + | ``reply_end`` | max{sack + max{win, 1}} seen in reply packets | > + +---------------------+---------------------------------------------------------+ > + | ``max_win`` | max{max{win, 1}} + {sack - ack} seen in sent packets | > + +---------------------+---------------------------------------------------------+ > + | ``max_ack`` | max{ack} + seen in sent packets | > + +---------------------+---------------------------------------------------------+ > + > +.. _table_rte_flow_modify_conntrack: > + > +.. table:: update a conntrack context > + > + +----------------+---------------------------------------+ > + | Field | Value | > + +================+=======================================+ > + | ``new_ct`` | new conntrack information | > + +----------------+---------------------------------------+ > + | ``direction`` | direction will be updated | > + +----------------+---------------------------------------+ > + | ``state`` | other fields except will be updated | except what? direction?? > + +----------------+---------------------------------------+ > + | ``reserved`` | reserved bits | > + +----------------+---------------------------------------+ > + > Negative types > ~~~~~~~~~~~~~~ > > diff --git a/doc/guides/rel_notes/release_21_05.rst b/doc/guides/rel_notes/release_21_05.rst > index e6f99350af..824eb72981 100644 > --- a/doc/guides/rel_notes/release_21_05.rst > +++ b/doc/guides/rel_notes/release_21_05.rst > @@ -183,6 +183,10 @@ New Features > the events across multiple stages. > * This also reduced the scheduling overhead on a event device. > > +* **Added conntrack support for rte_flow.** > + > + * Added conntrack action and item for stateful offloading. > + > * **Updated testpmd.** > > * Added a command line option to configure forced speed for Ethernet port. > diff --git a/doc/guides/testpmd_app_ug/testpmd_funcs.rst b/doc/guides/testpmd_app_ug/testpmd_funcs.rst > index 1fa6e2000e..4c029776aa 100644 > --- a/doc/guides/testpmd_app_ug/testpmd_funcs.rst > +++ b/doc/guides/testpmd_app_ug/testpmd_funcs.rst > @@ -3791,6 +3791,8 @@ This section lists supported pattern items and their attributes, if any. > - ``s_field {unsigned}``: S field. > - ``seid {unsigned}``: session endpoint identifier. > > +- ``conntrack``: match conntrack state. > + > Actions list > ^^^^^^^^^^^^ > > @@ -4925,6 +4927,39 @@ NVGRE encapsulation header and sent to port id 0. > testpmd> flow create 0 ingress transfer pattern eth / end actions > sample ratio 1 index 0 / port_id id 2 / end > > +Sample conntrack rules > +~~~~~~~~~~~~~~~~~~~~~~ > + > +Conntrack rules can be set by the following commands > + > +Need to construct the connection context with provided information. > +In the first table, create a flow rule by using conntrack action and jump to > +the next table. In the next table, create a rule to check the state. > + > +:: > + > + testpmd> set conntrack com peer 1 is_orig 1 enable 1 live 1 sack 1 cack 0 > + last_dir 0 liberal 0 state 1 max_ack_win 7 r_lim 5 last_win 510 > + last_seq 2632987379 last_ack 2532480967 last_end 2632987379 > + last_index 0x8 > + testpmd> set conntrack orig scale 7 fin 0 acked 1 unack_data 0 > + sent_end 2632987379 reply_end 2633016339 max_win 28960 > + max_ack 2632987379 > + testpmd> set conntrack rply scale 7 fin 0 acked 1 unack_data 0 > + sent_end 2532480967 reply_end 2532546247 max_win 65280 > + max_ack 2532480967 > + testpmd> flow indirect_action 0 create ingress action conntrack / end > + testpmd> flow create 0 group 3 ingress pattern eth / ipv4 / tcp / end actions indirect 0 / jump group 5 / end > + testpmd> flow create 0 group 5 ingress pattern eth / ipv4 / tcp / conntrack is 1 / end actions queue index 5 / end > + > +Construct the conntrack again with only "is_orig" set to 0 (other fields are > +ignored), then use "update" interface to update the direction. Create flow s/use/use the > +rules like above for the peer port. By peer, do you mean peer system? Or remote/dst port of the TCP connection? > + > +:: > + > + testpmd> flow indirect_action 0 update 0 action conntrack_update dir / end > + > BPF Functions > -------------- > > -- > 2.19.0.windows.1 > --000000000000f8a64f05c01b2bfc--