[PATCH net-next v3 0/3] Conntrack offload debuggability improvements


 



The current conntrack offload implementation doesn't provide much visibility
and control over the offload code. The code just tries to offload new flows,
even if the current amount of flows is beyond what can be reasonably
processed by the target hardware. On top of that, there is no way to
determine the current load on the workqueues that process the offload tasks,
which makes it hard to debug the cases where offload is significantly
delayed due to the rate of new connections being higher than the driver or
hardware offload rate.

Improve the debuggability situation by implementing the following new
functionality:

- Sysctls for current total count of offloaded flows and
  user-configurable maximum. Capping the amount of offloaded flows can
  be useful for the allocations of hardware resources. Note that the
  flow can still be offloaded afterwards via 'refresh' mechanism if
  total hardware count.

- Procfs for current total of workqueue tasks for nf_ft_offload_add,
  nf_ft_offload_del and nf_ft_offload_stats queues. This allows
  visibility for flow offload delay due to system scheduling offload
  tasks faster than driver/hardware can process them.

Vlad Buslov (3):
  net/sched: act_ct: set 'net' pointer when creating new nf_flow_table
  netfilter: nf_flow_table: count and limit hw offloaded entries
  netfilter: nf_flow_table: count pending offload workqueue tasks

 .../networking/nf_conntrack-sysctl.rst        |   9 ++
 include/net/net_namespace.h                   |   6 +
 include/net/netfilter/nf_flow_table.h         |  57 +++++++
 include/net/netns/flow_table.h                |  14 ++
 net/netfilter/Kconfig                         |   9 ++
 net/netfilter/Makefile                        |   1 +
 net/netfilter/nf_flow_table_core.c            |  89 ++++++++++-
 net/netfilter/nf_flow_table_offload.c         |  55 ++++++-
 net/netfilter/nf_flow_table_sysctl.c          | 148 ++++++++++++++++++
 net/sched/act_ct.c                            |   5 +-
 10 files changed, 380 insertions(+), 13 deletions(-)
 create mode 100644 include/net/netns/flow_table.h
 create mode 100644 net/netfilter/nf_flow_table_sysctl.c

-- 
2.31.1



