From: Edward Cree <ecree@solarflare.com>
To: Paul Blakey <paulb@mellanox.com>,
Jakub Kicinski <jakub.kicinski@netronome.com>
Cc: Pravin Shelar <pshelar@ovn.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Vlad Buslov <vladbu@mellanox.com>,
David Miller <davem@davemloft.net>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
Jiri Pirko <jiri@resnulli.us>,
Cong Wang <xiyou.wangcong@gmail.com>,
Jamal Hadi Salim <jhs@mojatatu.com>,
Simon Horman <simon.horman@netronome.com>,
Or Gerlitz <gerlitz.or@gmail.com>
Subject: Re: CONFIG_NET_TC_SKB_EXT
Date: Thu, 26 Sep 2019 15:26:08 +0100 [thread overview]
Message-ID: <3aff5059-c28c-f194-72f0-69edddf89f84@solarflare.com> (raw)
In-Reply-To: <ecfb7918-7660-91f0-035e-56f58a41dc17@mellanox.com>
On 26/09/2019 14:56, Paul Blakey wrote:
>>> In nat scenarios the packet will be modified, and then there can be a miss:
>>>
>>> -trk .... CT(zone X, Restore NAT),goto chain 1
>>>
>>> +trk+est, match on ipv4, CT(zone Y), goto chain 2
>>>
>>> +trk+est, output..
>> I'm confused, I thought the usual nat scenario looked more like
>> 0: -trk ... action ct(zone x), goto chain 1
>> 1: +trk+new ... action ct(commit, nat=foo) # sw only
>> 1: +trk+est ... action ct(nat), mirred eth1
>> i.e. the NAT only happens after conntrack has matched (and thus provided
>> the saved NAT metadata), at the end of the pipe. I don't see how you
>> can NAT a -trk packet.
> Both are valid, Nat in the first hop, executes the nat stored on the
> connection if available (configured by commit).
This still isn't making sense to me.
Until you've done a conntrack lookup and found the connection, you can't
use NAT information that's stored in the connection.
So the NAT can only happen after a conntrack match is found.
And all the rest of your stuff (like doing conntrack twice, in different
zones X and Y) is 'weird' inasmuch as it's beyond the basic minimum
functionality for a useful offload, and inherently doesn't map to a
fixed-layout (non-loopy) HW pipeline. You may want to support it in
your driver, you may be able to support it in your hardware, but it's
not true that "even nat needs that" (the nat scenario I described above
is entirely reasonable and is perfectly workable in an all-or-nothing
offload world), so if your changes are causing problems, they should be
reverted for this cycle.
>> AFAICT only 'deliverish' actions (i.e. mirred and drop) in TC have stats.
>> So stats are unlikely to be a problem unless you've got (say) a mirred
>> mirror before you send to ct and goto chain, in which case the extra
>> copy of the packet is a rather bigger problem for idempotency than mere
>> stats ;-)
> All tc actions have software stats, and at least one (goto, mirred,
> drop) per OvS generated rule will have hardware stats.
Ooh, goto has hardware stats? That's something I hadn't spotted *re-
draws hardware design slightly*
> All OvS datapath rules have stats, and in turn the translated TC rules
> all have stats. OvS ages each rule independently.
TC rules do not have stats. Only TC actions have stats. (The offload
API currently gets confused about this and it's really annoyed me...)
next prev parent reply other threads:[~2019-09-26 14:26 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-19 11:21 CONFIG_NET_TC_SKB_EXT David Miller
2019-09-19 15:13 ` CONFIG_NET_TC_SKB_EXT Vlad Buslov
2019-09-20 16:16 ` CONFIG_NET_TC_SKB_EXT Jakub Kicinski
2019-09-20 22:15 ` CONFIG_NET_TC_SKB_EXT Daniel Borkmann
2019-09-20 22:56 ` CONFIG_NET_TC_SKB_EXT Jakub Kicinski
2019-09-20 23:40 ` CONFIG_NET_TC_SKB_EXT Daniel Borkmann
2019-09-21 0:06 ` CONFIG_NET_TC_SKB_EXT Daniel Borkmann
2019-09-22 3:18 ` CONFIG_NET_TC_SKB_EXT Pravin Shelar
2019-09-22 4:51 ` CONFIG_NET_TC_SKB_EXT Alexei Starovoitov
2019-09-22 11:51 ` CONFIG_NET_TC_SKB_EXT Paul Blakey
2019-09-22 21:47 ` CONFIG_NET_TC_SKB_EXT Jakub Kicinski
2019-09-23 16:56 ` CONFIG_NET_TC_SKB_EXT Paul Blakey
2019-09-23 17:17 ` CONFIG_NET_TC_SKB_EXT Edward Cree
2019-09-24 11:48 ` CONFIG_NET_TC_SKB_EXT Paul Blakey
2019-09-25 17:01 ` CONFIG_NET_TC_SKB_EXT Edward Cree
2019-09-26 7:30 ` CONFIG_NET_TC_SKB_EXT Paul Blakey
2019-09-26 13:09 ` CONFIG_NET_TC_SKB_EXT Edward Cree
2019-09-26 13:56 ` CONFIG_NET_TC_SKB_EXT Paul Blakey
2019-09-26 14:26 ` Edward Cree [this message]
2019-09-26 15:14 ` CONFIG_NET_TC_SKB_EXT Paul Blakey
2019-09-26 17:02 ` CONFIG_NET_TC_SKB_EXT Edward Cree
2019-09-23 18:46 ` CONFIG_NET_TC_SKB_EXT Marcelo Ricardo Leitner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3aff5059-c28c-f194-72f0-69edddf89f84@solarflare.com \
--to=ecree@solarflare.com \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=gerlitz.or@gmail.com \
--cc=jakub.kicinski@netronome.com \
--cc=jhs@mojatatu.com \
--cc=jiri@resnulli.us \
--cc=netdev@vger.kernel.org \
--cc=paulb@mellanox.com \
--cc=pshelar@ovn.org \
--cc=simon.horman@netronome.com \
--cc=vladbu@mellanox.com \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).