From: Ori Kam <orika@nvidia.com>
To: Bing Zhao <bingz@nvidia.com>,
NBU-Contact-Thomas Monjalon <thomas@monjalon.net>,
"ferruh.yigit@intel.com" <ferruh.yigit@intel.com>,
"andrew.rybchenko@oktetlabs.ru" <andrew.rybchenko@oktetlabs.ru>
Cc: "dev@dpdk.org" <dev@dpdk.org>,
"ajit.khaparde@broadcom.com" <ajit.khaparde@broadcom.com>,
"xiaoyun.li@intel.com" <xiaoyun.li@intel.com>
Subject: Re: [dpdk-dev] [PATCH v4 3/3] doc: update for conntrack
Date: Mon, 19 Apr 2021 17:37:38 +0000 [thread overview]
Message-ID: <DM6PR12MB4987E702511724FB9AD4CCC9D6499@DM6PR12MB4987.namprd12.prod.outlook.com> (raw)
In-Reply-To: <1618852616-369498-4-git-send-email-bingz@nvidia.com>
Hi Bing
I think that this patch should be merged to the two previous patches.
Except this,
Acked-by: Ori Kam <orika@nvidia.com>
Thanks,
Ori
> -----Original Message-----
> From: Bing Zhao <bingz@nvidia.com>
> Sent: Monday, April 19, 2021 8:17 PM
> Subject: [PATCH v4 3/3] doc: update for conntrack
>
> The updated documentations include:
> 1. Release notes
> 2. rte_flow.rst
> 3. testpmd user guide
>
> Signed-off-by: Bing Zhao <bingz@nvidia.com>
> ---
> doc/guides/prog_guide/rte_flow.rst | 118 ++++++++++++++++++++
> doc/guides/rel_notes/release_21_05.rst | 4 +
> doc/guides/testpmd_app_ug/testpmd_funcs.rst | 35 ++++++
> 3 files changed, 157 insertions(+)
>
> diff --git a/doc/guides/prog_guide/rte_flow.rst
> b/doc/guides/prog_guide/rte_flow.rst
> index 4b54588995..caabc49143 100644
> --- a/doc/guides/prog_guide/rte_flow.rst
> +++ b/doc/guides/prog_guide/rte_flow.rst
> @@ -1398,6 +1398,14 @@ Matches a eCPRI header.
> - ``hdr``: eCPRI header definition (``rte_ecpri.h``).
> - Default ``mask`` matches nothing, for all eCPRI messages.
>
> +Item: ``CONNTRACK``
> +^^^^^^^^^^^^^^^^^^^
> +
> +Matches a conntrack state after conntrack action.
> +
> +- ``flags``: conntrack packet state flags.
> +- Default ``mask`` matches all state bits.
> +
> Actions
> ~~~~~~~
>
> @@ -2842,6 +2850,116 @@ for ``RTE_FLOW_FIELD_VALUE`` and
> ``RTE_FLOW_FIELD_POINTER`` respectively.
> | ``value`` | immediate value or a pointer to this value |
> +---------------+----------------------------------------------------------+
>
> +Action: ``CONNTRACK``
> +^^^^^^^^^^^^^^^^^^^^^
> +
> +Create a conntrack (connection tracking) context with the provided
> information.
> +
> +In stateful session like TCP, the conntrack action provides the ability to
> +examine every packet of this connection and associate the state to every
> +packet. It will help to realize the stateful offload of connections with little
> +software participation. For example, the packets with invalid state may be
> +handled by the software. The control packets could be handled in the
> hardware.
> +The software just need to query the state of a connection when needed, and
> then
> +decide how to handle the flow rules and conntrack context.
> +
> +A conntrack context should be created via ``rte_flow_action_handle_create()``
> +before using. Then the handle with ``INDIRECT`` type is used for a flow rule
> +creation. If a flow rule with an opposite direction needs to be created, the
> +``rte_flow_action_handle_update()`` should be used to modify the direction.
> +
> +Not all the fields of the ``struct rte_flow_action_conntrack`` will be used
> +for a conntrack context creating, depending on the HW, and they should be
> +in host byte order. PMD should convert them into network byte order when
> +needed by the HW.
> +
> +The ``struct rte_flow_modify_conntrack`` should be used for an updating.
> +
> +The current conntrack context information could be queried via the
> +``rte_flow_action_handle_query()`` interface.
> +
> +.. _table_rte_flow_action_conntrack:
> +
> +.. table:: CONNTRACK
> +
> + +--------------------------+-------------------------------------------------------------+
> + | Field | Value |
> +
> +==========================+====================================
> =========================+
> + | ``peer_port`` | peer port number |
> + +--------------------------+-------------------------------------------------------------+
> + | ``is_original_dir`` | direction of this connection for creating flow rule
> |
> + +--------------------------+-------------------------------------------------------------+
> + | ``enable`` | enable the conntrack context |
> + +--------------------------+-------------------------------------------------------------+
> + | ``live_connection`` | one ack was seen for this connection
> |
> + +--------------------------+-------------------------------------------------------------+
> + | ``selective_ack`` | SACK enabled |
> + +--------------------------+-------------------------------------------------------------+
> + | ``challenge_ack_passed`` | a challenge ack has passed
> |
> + +--------------------------+-------------------------------------------------------------+
> + | ``last_direction`` | direction of the last passed packet |
> + +--------------------------+-------------------------------------------------------------+
> + | ``liberal_mode`` | only report state change |
> + +--------------------------+-------------------------------------------------------------+
> + | ``state`` | current state |
> + +--------------------------+-------------------------------------------------------------+
> + | ``max_ack_window`` | maximal window scaling factor
> |
> + +--------------------------+-------------------------------------------------------------+
> + | ``retransmission_limit`` | maximal retransmission times
> |
> + +--------------------------+-------------------------------------------------------------+
> + | ``original_dir`` | TCP parameters of the original direction
> |
> + +--------------------------+-------------------------------------------------------------+
> + | ``reply_dir`` | TCP parameters of the reply direction |
> + +--------------------------+-------------------------------------------------------------+
> + | ``last_window`` | window value of the last passed packet
> |
> + +--------------------------+-------------------------------------------------------------+
> + | ``last_seq`` | sequence value of the last passed packet |
> + +--------------------------+-------------------------------------------------------------+
> + | ``last_ack`` | acknowledgment value the last passed packet
> |
> + +--------------------------+-------------------------------------------------------------+
> + | ``last_end`` | sum of ack number and length of the last passed
> packet |
> + +--------------------------+-------------------------------------------------------------+
> +
> +.. _table_rte_flow_tcp_dir_param:
> +
> +.. table:: configuration parameters for each direction
> +
> + +---------------------+---------------------------------------------------------+
> + | Field | Value |
> +
> +=====================+=========================================
> ================+
> + | ``scale`` | TCP window scaling factor |
> + +---------------------+---------------------------------------------------------+
> + | ``close_initiated`` | FIN sent from this direction |
> + +---------------------+---------------------------------------------------------+
> + | ``last_ack_seen`` | an ACK packet received |
> + +---------------------+---------------------------------------------------------+
> + | ``data_unacked`` | unacknowledged data for packets from this direction
> |
> + +---------------------+---------------------------------------------------------+
> + | ``sent_end`` | max{seq + len} seen in sent packets |
> + +---------------------+---------------------------------------------------------+
> + | ``reply_end`` | max{sack + max{win, 1}} seen in reply packets |
> + +---------------------+---------------------------------------------------------+
> + | ``max_win`` | max{max{win, 1}} + {sack - ack} seen in sent packets |
> + +---------------------+---------------------------------------------------------+
> + | ``max_ack`` | max{ack} + seen in sent packets |
> + +---------------------+---------------------------------------------------------+
> +
> +.. _table_rte_flow_modify_conntrack:
> +
> +.. table:: update a conntrack context
> +
> + +----------------+-------------------------------------------------+
> + | Field | Value |
> +
> +================+==============================================
> ===+
> + | ``new_ct`` | new conntrack information |
> + +----------------+-------------------------------------------------+
> + | ``direction`` | direction will be updated |
> + +----------------+-------------------------------------------------+
> + | ``state`` | other fields except direction will be updated |
> + +----------------+-------------------------------------------------+
> + | ``reserved`` | reserved bits |
> + +----------------+-------------------------------------------------+
> +
> Negative types
> ~~~~~~~~~~~~~~
>
> diff --git a/doc/guides/rel_notes/release_21_05.rst
> b/doc/guides/rel_notes/release_21_05.rst
> index 8913dd4f9c..fb978aebe3 100644
> --- a/doc/guides/rel_notes/release_21_05.rst
> +++ b/doc/guides/rel_notes/release_21_05.rst
> @@ -203,6 +203,10 @@ New Features
> the events across multiple stages.
> * This also reduced the scheduling overhead on a event device.
>
> +* **Added conntrack support for rte_flow.**
> +
> + * Added conntrack action and item for stateful offloading.
> +
> * **Updated testpmd.**
>
> * Added a command line option to configure forced speed for Ethernet port.
> diff --git a/doc/guides/testpmd_app_ug/testpmd_funcs.rst
> b/doc/guides/testpmd_app_ug/testpmd_funcs.rst
> index 715e209fd2..efa32bb6ad 100644
> --- a/doc/guides/testpmd_app_ug/testpmd_funcs.rst
> +++ b/doc/guides/testpmd_app_ug/testpmd_funcs.rst
> @@ -3789,6 +3789,8 @@ This section lists supported pattern items and their
> attributes, if any.
> - ``s_field {unsigned}``: S field.
> - ``seid {unsigned}``: session endpoint identifier.
>
> +- ``conntrack``: match conntrack state.
> +
> Actions list
> ^^^^^^^^^^^^
>
> @@ -4927,6 +4929,39 @@ NVGRE encapsulation header and sent to port id 0.
> testpmd> flow create 0 ingress transfer pattern eth / end actions
> sample ratio 1 index 0 / port_id id 2 / end
>
> +Sample conntrack rules
> +~~~~~~~~~~~~~~~~~~~~~~
> +
> +Conntrack rules can be set by the following commands
> +
> +Need to construct the connection context with provided information.
> +In the first table, create a flow rule by using conntrack action and jump to
> +the next table. In the next table, create a rule to check the state.
> +
> +::
> +
> + testpmd> set conntrack com peer 1 is_orig 1 enable 1 live 1 sack 1 cack 0
> + last_dir 0 liberal 0 state 1 max_ack_win 7 r_lim 5 last_win 510
> + last_seq 2632987379 last_ack 2532480967 last_end 2632987379
> + last_index 0x8
> + testpmd> set conntrack orig scale 7 fin 0 acked 1 unack_data 0
> + sent_end 2632987379 reply_end 2633016339 max_win 28960
> + max_ack 2632987379
> + testpmd> set conntrack rply scale 7 fin 0 acked 1 unack_data 0
> + sent_end 2532480967 reply_end 2532546247 max_win 65280
> + max_ack 2532480967
> + testpmd> flow indirect_action 0 create ingress action conntrack / end
> + testpmd> flow create 0 group 3 ingress pattern eth / ipv4 / tcp / end actions
> indirect 0 / jump group 5 / end
> + testpmd> flow create 0 group 5 ingress pattern eth / ipv4 / tcp / conntrack is
> 1 / end actions queue index 5 / end
> +
> +Construct the conntrack again with only "is_orig" set to 0 (other fields are
> +ignored), then use "update" interface to update the direction. Create flow
> +rules like above for the peer port.
> +
> +::
> +
> + testpmd> flow indirect_action 0 update 0 action conntrack_update dir / end
> +
> BPF Functions
> --------------
>
> --
> 2.19.0.windows.1
next prev parent reply other threads:[~2021-04-19 17:37 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-18 7:30 [dpdk-dev] [RFC] ethdev: introduce conntrack flow action and item Bing Zhao
2021-03-22 15:16 ` Andrew Rybchenko
2021-04-07 7:43 ` Bing Zhao
2021-03-23 23:27 ` Ajit Khaparde
2021-04-07 2:41 ` Bing Zhao
2021-04-10 13:46 ` [dpdk-dev] [PATCH] " Bing Zhao
2021-04-15 16:24 ` Ori Kam
2021-04-15 16:44 ` Bing Zhao
2021-04-15 16:41 ` [dpdk-dev] [PATCH v2 0/2] " Bing Zhao
2021-04-15 16:41 ` [dpdk-dev] [PATCH v2 1/2] " Bing Zhao
2021-04-16 10:49 ` Thomas Monjalon
2021-04-16 18:18 ` Bing Zhao
2021-04-16 12:41 ` Ori Kam
2021-04-16 18:05 ` Bing Zhao
2021-04-16 21:47 ` Ajit Khaparde
2021-04-17 6:10 ` Bing Zhao
2021-04-17 14:54 ` Ajit Khaparde
2021-04-15 16:41 ` [dpdk-dev] [PATCH v2 2/2] app/testpmd: add CLI for conntrack Bing Zhao
2021-04-16 8:46 ` Ori Kam
2021-04-16 18:20 ` Bing Zhao
2021-04-16 17:54 ` [dpdk-dev] [PATCH v3 0/3] ethdev: introduce conntrack flow action and item Bing Zhao
2021-04-16 17:54 ` [dpdk-dev] [PATCH v3 1/3] " Bing Zhao
2021-04-16 18:30 ` Ajit Khaparde
2021-04-19 14:08 ` Thomas Monjalon
2021-04-19 16:21 ` Bing Zhao
2021-04-19 14:06 ` Thomas Monjalon
2021-04-19 16:13 ` Bing Zhao
2021-04-16 17:54 ` [dpdk-dev] [PATCH v3 2/3] app/testpmd: add CLI for conntrack Bing Zhao
2021-04-16 17:54 ` [dpdk-dev] [PATCH v3 3/3] doc: update " Bing Zhao
2021-04-16 18:22 ` Thomas Monjalon
2021-04-16 18:30 ` Ajit Khaparde
2021-04-19 17:28 ` Bing Zhao
2021-04-19 17:16 ` [dpdk-dev] [PATCH v4 0/3] ethdev: introduce conntrack flow action and item Bing Zhao
2021-04-19 17:16 ` [dpdk-dev] [PATCH v4 1/3] " Bing Zhao
2021-04-19 17:33 ` Ori Kam
2021-04-19 17:16 ` [dpdk-dev] [PATCH v4 2/3] app/testpmd: add CLI for conntrack Bing Zhao
2021-04-19 17:35 ` Ori Kam
2021-04-19 17:16 ` [dpdk-dev] [PATCH v4 3/3] doc: update " Bing Zhao
2021-04-19 17:32 ` Thomas Monjalon
2021-04-19 17:37 ` Ori Kam [this message]
2021-04-19 17:51 ` [dpdk-dev] [PATCH v5 0/2] ethdev: introduce conntrack flow action and item Bing Zhao
2021-04-19 17:51 ` [dpdk-dev] [PATCH v5 1/2] " Bing Zhao
2021-04-19 18:07 ` Thomas Monjalon
2021-04-19 23:29 ` Ferruh Yigit
2021-04-19 17:51 ` [dpdk-dev] [PATCH v5 2/2] app/testpmd: add CLI for conntrack Bing Zhao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DM6PR12MB4987E702511724FB9AD4CCC9D6499@DM6PR12MB4987.namprd12.prod.outlook.com \
--to=orika@nvidia.com \
--cc=ajit.khaparde@broadcom.com \
--cc=andrew.rybchenko@oktetlabs.ru \
--cc=bingz@nvidia.com \
--cc=dev@dpdk.org \
--cc=ferruh.yigit@intel.com \
--cc=thomas@monjalon.net \
--cc=xiaoyun.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).