Re: [PATCH nf] Revert "netfilter: flowtable: Remove redundant hw refresh bit"

From: Pablo Neira Ayuso
Date: Mon Jul 12 2021 - 05:47:58 EST

Next message: Hsin-Yi Wang: "[PATCH] drm/mediatek: mtk-dpi: Set out_fmt from config if not the last bridge"
Previous message: Thomas Zimmermann: "Re: [v8 1/6] drm/panel: add basic DP AUX backlight support"
In reply to: Aleksander Bajkowski: "Re: [PATCH nf] Revert "netfilter: flowtable: Remove redundant hw refresh bit""
Next in thread: Felix Fietkau: "Re: [PATCH nf] Revert "netfilter: flowtable: Remove redundant hw refresh bit""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Martin,

On Sun, Jul 11, 2021 at 03:02:44AM +0200, Martin Blumenstingl wrote:
> Hi Aleksander,
>
> > The xt_flowoffload module is inconditionally setting on the hardware
> > offload flag:
> [...]
> >
> > which is triggering the slow down because packet path is allocating
> > work to offload the entry to hardware, however, this driver does not
> > support for hardware offload.
> >
> > Probably this module can be updated to unset the flowtable flag if the
> > harware does not support hardware offload.
>
> yesterday there was a discussion about this on the #openwrt-devel IRC
> channel. I am adding the IRC log to the end of this email because I am
> not sure if you're using IRC.
>
> I typically don't test with flow offloading enabled (I am testing with
> OpenWrt's "default" network configuration, where flow offloading is
> disabled by default). Also I am not familiar with the flow offloading
> code at all and reading the xt_FLOWOFFLOAD code just raised more
> questions for me.
>
> Maybe you can share some info whether your workaround from [0] "fixes"
> this issue. I am aware that it will probably break other devices. But
> maybe it helps Pablo to confirm whether it's really an xt_FLOWOFFLOAD
> bug or rather some generic flow offload issue (as Felix suggested on
> IRC).

Maybe the user reporting this issue is enabling the --hw option?
As I said, the patch that is being proposed to be revert is just
amplifying.

The only way to trigger this bug that I can find is:

- NF_FLOWTABLE_HW_OFFLOAD is enabled.
- packets are following the software path.

I don't see yet how this can happen with upstream codebase, nftables
enables NF_FLOWTABLE_HW_OFFLOAD at configuration time, if the driver
does not support for hardware offload, then NF_FLOWTABLE_HW_OFFLOAD is
not set.

Is xt_flowoffload rejecting the rule load if user specifies --hw and
the hardware does not support for hardware offload?

By reading Felix's discussion on the IRC, it seems to me he does not
like that the packet path retries to offload flows. If so, it should
be possible to add a driver flag to disable this behaviour, so driver
developers select what they prefer that flowtable core retries to
offload entries. I can have a look into adding such flag and use it
from the mtk driver.

Next message: Hsin-Yi Wang: "[PATCH] drm/mediatek: mtk-dpi: Set out_fmt from config if not the last bridge"
Previous message: Thomas Zimmermann: "Re: [v8 1/6] drm/panel: add basic DP AUX backlight support"
In reply to: Aleksander Bajkowski: "Re: [PATCH nf] Revert "netfilter: flowtable: Remove redundant hw refresh bit""
Next in thread: Felix Fietkau: "Re: [PATCH nf] Revert "netfilter: flowtable: Remove redundant hw refresh bit""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]