This is started from the issue with broken ERSPAN tunnel reported by Eelco, but turned out a much wider problem with ignoring different tunnel keys and flags while constructing TC flower. Some of that can be fixed, some can't be fixed due to lack of support from kernel. Strictly speaking, we should have prohibit silent ignoring of everything including DONT_FRAGMENT and CSUM tunnel flags, but that will break the tunnel offloading entirely. So, partially keeping incorrect behaviour for now, fixing the most broken bits.
To have a more or less viable solution, TC in kernel should add support for TUNNEL_DONT_FRAGMENT in set tunnel key action (also, TUNNEL_OAM support would be nice). And we also need support to match on them, i.e. support for: TCA_FLOWER_KEY_ENC_DONT_FRAGMENT TCA_FLOWER_KEY_ENC_NO_CSUM TCA_FLOWER_KEY_ENC_OAM And corresponding _MASK keys as well. Maybe TCA_FLOWER_KEY_ENC_TUN_FLAGS instead? With that OVS will have to probe the kernel for support and use them or fail the offload. I didn't test these patches with real HW. Only checked system tests from check-offloads and normal check-kernel hacked with offlaods enabled. Version 3: - Added 'Reviewed-by' from Roi on patches 2, 3 and 5. - Fixed incorect read from the OVS_TUNNEL_KEY_ATTR_CSUM flag attribute. [Paul] - Re-worked setting/clearing FLOW_TNL_F_UDPIF flag along with the metadata.present.len, because flower always has an exact match on the length and the metadata is always in UDPIF format. [Roi] Version 2: - Added clear of tunnel masks on 'else' condition, since some bits can still be there even if the tunnel matching is not needed. - Instead of adding support for masked match on tp_dst, it just handled explicitly with exact match to avoid inability of offload on mlx5 NICs. - Added patch to fix mask of the tunnel metadata length. - 'Masks vs keys' fix stripped into a separate patch. - New patch added to handle tp_src that was kind of consumed by tc_flower structure but was never actually passed to/from TC. Ilya Maximets (5): netdev-offload-tc: Fix the mask for tunnel metadata length. netdev-offload-tc: Explicitly handle mask for the tunnel destination port. netdev-offload-tc: Use masks instead of keys while parsing tunnel attributes. netdev-offload-tc: Fix ignoring unknown tunnel keys. netdev-offload-tc: Add missing handling of the tunnel source port. lib/dpif-netlink.c | 14 +--- lib/netdev-offload-tc.c | 139 +++++++++++++++++++++++++++++++++------- lib/netdev-offload.h | 3 - lib/tc.c | 43 +++++++++++-- 4 files changed, 153 insertions(+), 46 deletions(-) -- 2.34.3 _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev