Re: [PATCH] net/mlx5: fix connection tracking state item validation

DPDK patches and discussions
 help / color / mirror / Atom feed

From: Khadem Ullah <14pwcse1224@uetpeshawar.edu.pk>
To: Dariusz Sosnowski <dsosnowski@nvidia.com>
Cc: ivan.malov@arknetworks.am, viacheslavo@nvidia.com,
	bingz@nvidia.com,  orika@nvidia.com, suanmingm@nvidia.com,
	matan@nvidia.com, dev@dpdk.org,  stable@dpdk.org
Subject: Re: [PATCH] net/mlx5: fix connection tracking state item validation
Date: Thu, 21 Aug 2025 16:16:08 +0500	[thread overview]
Message-ID: <CA++2-x5oR5qPvYK=JSWdqAAu6yFhbE+eFK38xBCCOQVKv_MZzA@mail.gmail.com> (raw)
In-Reply-To: <20250811151520.bonpjpefwuzuap65@ds-vm-debian.local>

[-- Attachment #1: Type: text/plain, Size: 3723 bytes --]

Hi Dariusz,
I have tested the following example and it is working fine.
Can we add this example to documentation
(either in https://doc.dpdk.org/guides/testpmd_app_ug/testpmd_funcs.html or
mlx5 or somewhere else) ?

On Mon, Aug 11, 2025 at 8:17 PM Dariusz Sosnowski <dsosnowski@nvidia.com>
wrote:

>
> [1]: Full conntrack example, testpmd commands:
>
> # Initial conntrack action configuration: original direction, state
> SYN_RECV, liberal mode and enabled
> set conntrack com peer 0 is_orig 1 enable 1 live 0 sack 0 cack 0 last_dir
> 0 liberal 1 state 0 max_ack_win 0 r_lim 5 last_win 510 last_seq 2000
> last_ack 101 last_end 101 last_index 0x2
> set conntrack orig scale 0xf fin 0 acked 1 unack_data 0 sent_end 101
> reply_end 65535 max_win 0 max_ack 0
> set conntrack rply scale 0xf fin 0 acked 1 unack_data 0 sent_end 2001
> reply_end 65535 max_win 0 max_ack 101
> flow indirect_action 0 create ingress action conntrack / end
>
> # Create a rule for original direction
> flow create 0 group 3 ingress pattern eth / ipv4 src is 1.2.3.4 dst is
> 5.6.7.8 / tcp src is 40000 dst is 50000 / end actions indirect 0 / jump
> group 5 / end
>
> # Update conntrack action - now rule will created for reply direction
> set conntrack com peer 0 is_orig 0 enable 1 live 0 sack 0 cack 0 last_dir
> 0 liberal 1 state 0 max_ack_win 0 r_lim 5 last_win 510 last_seq 2000
> last_ack 101 last_end 101 last_index 0x2
> flow indirect_action 0 update 0 action conntrack_update dir / end
>
> # Create a rule for reply direction
> flow create 0 group 3 ingress pattern eth / ipv4 src is 5.6.7.8 dst is
> 1.2.3.4 / tcp src is 50000 dst is 40000 / end actions indirect 0 / jump
> group 5 / end
>
> # Create group 0 rule for TCP traffic
> flow create 0 ingress pattern eth / ipv4 / tcp / end actions jump group 3
> / end
>
> # Match valid packets, mark and send to queue 0
> flow create 0 group 5 ingress pattern eth / ipv4 / tcp / conntrack is 1 /
> end actions mark id 0x111 / queue index 0 / end
> # Match valid packets which change connection state
> flow create 0 group 5 ingress pattern eth / ipv4 / tcp / conntrack is 3 /
> end actions mark id 0x333 / queue index 0 / end
>
> set verbose 1
> set fwd rxonly
> start
>
> Example packets to send after all flow rules are created:
>
> # ACK in handshake: transition SYN_RECV->ESTABLISHED; logged as "FDIR
> matched ID=0x333"
> pkt = (Ether() / IP(src='1.2.3.4', dst='5.6.7.8') / TCP(sport=40000,
> dport=50000, flags='A', seq=101, ack=2001))
>
> # some data from original direction; logged as "FDIR matched ID=0x111"
> pkt = (Ether() / IP(src='1.2.3.4', dst='5.6.7.8') / TCP(sport=40000,
> dport=50000, flags='A', seq=101, ack=2001) / Raw(load=b'a' * 100))
>
> # ack from reply direction; logged as "FDIR matched ID=0x111"
> pkt = (Ether() / IP(src='5.6.7.8', dst='1.2.3.4') / TCP(sport=50000,
> dport=40000, flags='A', seq=2001, ack=201))
>
> # fin from original direction; logged as "FDIR matched ID=0x333"
> pkt = (Ether() / IP(src='1.2.3.4', dst='5.6.7.8') / TCP(sport=40000,
> dport=50000, flags='F', seq=201, ack=2001))
>
> # ack from reply direction; logged as "FDIR matched ID=0x333"
> pkt = (Ether() / IP(src='5.6.7.8', dst='1.2.3.4') / TCP(sport=50000,
> dport=40000, flags='A', seq=2001, ack=202))
>
> # fin from reply direction; logged as "FDIR matched ID=0x333"
> pkt = (Ether() / IP(src='5.6.7.8', dst='1.2.3.4') / TCP(sport=50000,
> dport=40000, flags='F', seq=2001, ack=202))
>
> # ack from original direction; logged as "FDIR matched ID=0x333"
> pkt = (Ether() / IP(src='1.2.3.4', dst='5.6.7.8') / TCP(sport=40000,
> dport=50000, flags='A', seq=201, ack=2002))
>

Best Regards,
Khadem

[-- Attachment #2: Type: text/html, Size: 4497 bytes --]

next prev parent reply	other threads:[~2025-08-21 11:16 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-08-05 13:23 Khadem Ullah
2025-08-05 14:44 ` Ivan Malov
2025-08-06  8:51   ` Khadem Ullah
2025-08-08  7:47     ` Dariusz Sosnowski
2025-08-11  6:21       ` Khadem Ullah
2025-08-11 15:15         ` Dariusz Sosnowski
2025-08-11 16:27           ` Khadem Ullah
2025-08-11 17:18             ` Dariusz Sosnowski
2025-08-12  9:51               ` Dariusz Sosnowski
2025-08-12 12:50                 ` Khadem Ullah
2025-08-21 11:16           ` Khadem Ullah [this message]
2025-08-12 12:46 ` [PATCH v2] " Khadem Ullah
2025-08-13 14:16   ` Dariusz Sosnowski
2025-08-14  9:06     ` Khadem Ullah
2025-08-18 17:20     ` Thomas Monjalon
2025-08-20 10:00       ` Dariusz Sosnowski
2025-08-14  8:58   ` [PATCH v3] " Khadem Ullah
2025-08-14  9:33     ` Dariusz Sosnowski
2025-08-14 10:20       ` Khadem Ullah
2025-08-14 10:16     ` [PATCH v4] " Khadem Ullah
2025-08-14 11:43       ` Dariusz Sosnowski
2025-08-15 11:12     ` [PATCH] app/testpmd: add contrack state inspect commands commands Khadem Ullah
2025-08-15 11:15     ` [PATCH] app/testpmd: add contrack CT state inspect commands Khadem Ullah
2025-08-20 18:48       ` Stephen Hemminger
2025-08-21  5:10         ` Khadem Ullah

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CA++2-x5oR5qPvYK=JSWdqAAu6yFhbE+eFK38xBCCOQVKv_MZzA@mail.gmail.com' \
    --to=14pwcse1224@uetpeshawar.edu.pk \
    --cc=bingz@nvidia.com \
    --cc=dev@dpdk.org \
    --cc=dsosnowski@nvidia.com \
    --cc=ivan.malov@arknetworks.am \
    --cc=matan@nvidia.com \
    --cc=orika@nvidia.com \
    --cc=stable@dpdk.org \
    --cc=suanmingm@nvidia.com \
    --cc=viacheslavo@nvidia.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).