On 4/26/2020 4:53 PM, Pablo Neira Ayuso wrote:
On Tue, Apr 21, 2020 at 10:04:16AM -0500, Bodong Wang wrote:
This bit indicates that the conntrack entry is offloaded to hardware
flow table. nf_conntrack entry will be tagged with [HW_OFFLOAD] if
it's offload to hardware.
cat /proc/net/nf_conntrack
ipv4 2 tcp 6 \
src=1.1.1.17 dst=1.1.1.16 sport=56394 dport=5001 \
src=1.1.1.16 dst=1.1.1.17 sport=5001 dport=56394 [HW_OFFLOAD] \
mark=0 zone=0 use=3
Note that HW_OFFLOAD/OFFLOAD/ASSURED are mutually exclusive.
Applied, thanks.
Could you also test the following userspace patches for
libnetfilter_conntrack and the conntrack-tools to get the netlink
tools in feature parity? If they work fine there, I'll formally submit
them.
Thanks.
Hi Pablo,
I tested your patches, they worked well.
Thanks!
# conntrack -L | grep 1.1.1.16
conntrack v1.4.6 (conntrack-tools): 12 flow entries have been shown.
tcp 6 src=1.1.1.17 dst=1.1.1.16 sport=56408 dport=5001 src=1.1.1.16
dst=1.1.1.17 sport=5001 dport=56408 [HW_OFFLOAD] mark=0 use=2
tcp 6 src=1.1.1.17 dst=1.1.1.16 sport=56404 dport=5001 src=1.1.1.16
dst=1.1.1.17 sport=5001 dport=56404 [HW_OFFLOAD] mark=0 use=2
# cat /proc/net/nf_conntrack | grep 1.1.1.16
ipv4 2 tcp 6 src=1.1.1.17 dst=1.1.1.16 sport=56408 dport=5001
src=1.1.1.16 dst=1.1.1.17 sport=5001 dport=56408 [HW_OFFLOAD] mark=0
zone=0 use=3
ipv4 2 tcp 6 src=1.1.1.17 dst=1.1.1.16 sport=56404 dport=5001
src=1.1.1.16 dst=1.1.1.17 sport=5001 dport=56404 [HW_OFFLOAD] mark=0
zone=0 use=3
