The current conntrack offload implementation doesn't provide much visibility and control over the offload code. The code just schedules asynchronous offload tasks on dedicated workqueues without regard to the current queue size, even when a scheduled task will only be processed after a significant delay and might no longer be needed. Improve the debuggability situation by implementing the following new functionality:

- Sysctls for the current total count of offloaded flows and a user-configurable maximum. Capping the number of offloaded flows can be useful for the allocation of hardware resources.

- Sysctls for the current total of workqueue tasks for the nf_ft_offload_add, nf_ft_offload_del and nf_ft_offload_stats queues. Also, allow setting a maximum for the total allowed concurrent 'add' tasks. This allows visibility into flow offload delay due to the system scheduling offload tasks faster than the driver/hardware can process them, and allows setting some bound on the delay (for example, in case of short-lived connections the user might prefer to skip offloading of a flow that will only be offloaded in 10 seconds). Note that the flow can still be offloaded afterwards via the 'refresh' mechanism if both the total hardware count and the workqueue count are reduced below the limits.

- Tracepoints in the offload code. These are primarily targeted to facilitate writing BPF helpers for some common debug scenarios (creating a histogram of latency between scheduling a flow offload and processing the task, dynamic difference between new offloads and deletions, etc.).

Vlad Buslov (8):
  net/sched: act_ct: set 'net' pointer when creating new nf_flow_table
  netfilter: introduce total count of hw offloaded flow table entries
  netfilter: introduce max count of hw offloaded flow table entries
  netfilter: introduce total count of hw offload 'add' workqueue tasks
  netfilter: introduce max count of hw offload 'add' workqueue tasks
  netfilter: introduce total count of hw offload 'del' workqueue tasks
  netfilter: introduce total count of hw offload 'stats' wq tasks
  netfilter: flowtable: add hardware offload tracepoints

 include/net/netfilter/nf_flow_table.h       |  9 ++++
 include/net/netns/nftables.h                |  6 +++
 net/netfilter/nf_conntrack_standalone.c     | 56 +++++++++++++++++++++
 net/netfilter/nf_flow_table_core.c          | 33 +++++++++++-
 net/netfilter/nf_flow_table_offload.c       | 43 ++++++++++++----
 net/netfilter/nf_flow_table_offload_trace.h | 48 ++++++++++++++++++
 net/sched/act_ct.c                          |  5 +-
 7 files changed, 186 insertions(+), 14 deletions(-)
 create mode 100644 net/netfilter/nf_flow_table_offload_trace.h

-- 
2.31.1