** Also affects: linux-bluefield (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Changed in: linux-bluefield (Ubuntu)
       Status: New => Invalid

** Changed in: linux-bluefield (Ubuntu Focal)
       Status: New => In Progress

** Changed in: linux-bluefield (Ubuntu Focal)
       Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/1967892

Title:
  Fix flow table lookup failure with no originating ifindex

Status in linux-bluefield package in Ubuntu:
  Invalid
Status in linux-bluefield source package in Focal:
  Fix Committed

Bug description:
  
  * Explain the bug
  After the CT ifindex extension feature, flow table entries are
  populated with ifindex information which was intended to only be used
  for HW offload. This tuple ifindex is hashed in the flow table key, so
  it must be filled for lookup to be successful. But tuple ifindex is only
  relevant for the netfilter flowtables (nft), so it's not filled in
  act_ct flow table lookup, resulting in lookup failure, and no SW
  offload and no offload teardown for TCP connection FIN/RST packets.

  To fix this, add a new tc ifindex field to the tuple, which will
  only be used for offloading, not for lookup, as it will not be part of the
  tuple hash.
   
  * How to test
  Create an OVS bridge with 2 mlx5 rep devices.
  Enable HW offload and configure regular connection tracking OpenFlow rules:
   
  e.g:
      ovs-ofctl del-flows br-ovs
      ovs-ofctl add-flow br-ovs arp,actions=normal
      ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)"
      ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal"
      ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est, actions=normal"
   
  Generate traffic at high rate (e.g. using IXIA).
  The number of offloaded rules exposed in
  /sys/kernel/debug/mlx5/0000\:$BUS\:00.0/ct/offloaded should be in sync with the
  number of generated connections.
   
  * What it could break.
  Perhaps nft offload - it is not part of our tests
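
The lookup failure described under "Explain the bug", modeled as an added example (not the kernel patch and not code from this bug report): a field inside the hashed key must be supplied by every lookup, while a field placed outside the key can carry the ifindex for offload without affecting lookup. The struct layout, the FNV-1a hash and the names `tc_iifidx`, `KEY_LEN` and `lookup_without_ifindex` are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified model, not the kernel's struct: bytes before tc_iifidx form the key. */
struct tuple {
    uint32_t src, dst;
    uint16_t sport, dport;
    uint32_t iifidx;     /* inside the key: every lookup must supply it */
    uint32_t tc_iifidx;  /* outside the key: metadata used for offload only */
};
#define KEY_LEN offsetof(struct tuple, tc_iifidx)
#define BUCKETS 64
static struct tuple table[BUCKETS];
static int used[BUCKETS];

static uint32_t key_hash(const struct tuple *t) {   /* FNV-1a over the key bytes */
    const unsigned char *p = (const unsigned char *)t;
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < KEY_LEN; i++) h = (h ^ p[i]) * 16777619u;
    return h % BUCKETS;
}

static void table_add(const struct tuple *t) {
    uint32_t b = key_hash(t);
    while (used[b]) b = (b + 1) % BUCKETS;           /* linear probing */
    table[b] = *t;
    used[b] = 1;
}

static const struct tuple *table_lookup(const struct tuple *t) {
    for (uint32_t b = key_hash(t); used[b]; b = (b + 1) % BUCKETS)
        if (memcmp(&table[b], t, KEY_LEN) == 0) return &table[b];
    return NULL;
}

/* Constructed sample connection: 10.0.0.1:40000 -> 10.0.0.2:80. */
static struct tuple conn(uint32_t iifidx, uint32_t tc_iifidx) {
    struct tuple t = {0x0a000001, 0x0a000002, 40000, 80, iifidx, tc_iifidx};
    return t;
}

/* Store an entry that arrived on ifindex 5, then look it up without filling
 * any ifindex. Returns the stored offload ifindex, or -1 on a lookup miss. */
int lookup_without_ifindex(int ifindex_in_key) {
    struct tuple stored = ifindex_in_key ? conn(5, 0) : conn(0, 5);
    struct tuple probe = conn(0, 0);   /* lookup side: ifindex not filled */
    memset(used, 0, sizeof used);
    table_add(&stored);
    const struct tuple *hit = table_lookup(&probe);
    return hit ? (int)hit->tc_iifidx : -1;
}
```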
