From: Vlad Buslov <vladbu@nvidia.com>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: <netfilter-devel@vger.kernel.org>, <kadlec@netfilter.org>,
<fw@strlen.de>, <ozsh@nvidia.com>, <paulb@nvidia.com>
Subject: Re: [PATCH net-next 2/8] netfilter: introduce total count of hw offloaded flow table entries
Date: Tue, 15 Mar 2022 18:34:36 +0200 [thread overview]
Message-ID: <87pmmntbqi.fsf@nvidia.com> (raw)
In-Reply-To: <YjBtTdcYk0lJqsYw@salvia>
On Tue 15 Mar 2022 at 11:41, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> On Sat, Mar 12, 2022 at 09:51:45PM +0200, Vlad Buslov wrote:
>>
>> On Mon 07 Mar 2022 at 22:56, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
>> > On Tue, Feb 22, 2022 at 05:09:57PM +0200, Vlad Buslov wrote:
>> >> To improve hardware offload debuggability and allow capping total amount of
>> >> offloaded entries in following patch extend struct netns_nftables with
>> >> 'count_hw' counter and expose it to userspace as 'nf_flowtable_count_hw'
>> >> sysctl entry. Increment the counter together with setting NF_FLOW_HW flag
>> >> when scheduling offload add task on workqueue and decrement it after
>> >> successfully scheduling offload del task.
>> >>
>> >> Signed-off-by: Vlad Buslov <vladbu@nvidia.com>
>> >> Signed-off-by: Oz Shlomo <ozsh@nvidia.com>
>> >> Reviewed-by: Paul Blakey <paulb@nvidia.com>
>> >> ---
>> >> include/net/netns/nftables.h | 1 +
>> >> net/netfilter/nf_conntrack_standalone.c | 12 ++++++++++++
>> >> net/netfilter/nf_flow_table_core.c | 12 ++++++++++--
>> >> 3 files changed, 23 insertions(+), 2 deletions(-)
>> >>
>> >> diff --git a/include/net/netns/nftables.h b/include/net/netns/nftables.h
>> >> index 8c77832d0240..262b8b3213cb 100644
>> >> --- a/include/net/netns/nftables.h
>> >> +++ b/include/net/netns/nftables.h
>> >> @@ -6,6 +6,7 @@
>> >>
>> >> struct netns_nftables {
>> >> u8 gencursor;
>> >> + atomic_t count_hw;
>> >
>> > In addition to the previous comments: I'd suggest to use
>> > register_pernet_subsys() and register the sysctl from the
>> > nf_flow_table_offload.c through nf_flow_table_offload_init()
>> > file instead of using the conntrack nf_ct_sysctl_table[].
>> >
>> > That would require a bit more work though.
>>
>> I added the new sysctl in ct because there is already similar-ish
>> NF_SYSCTL_CT_PROTO_TIMEOUT_UDP_OFFLOAD that is also part of ct sysctl
>> but is actually used by flow table code. I'll implement dedicated sysctl
>> table for nf_flow_table_* code, if you suggest it is warranted for this
>> change.
>
> IIRC, that was removed.
>
> commit 4592ee7f525c4683ec9e290381601fdee50ae110
> Author: Florian Westphal <fw@strlen.de>
> Date: Wed Aug 4 15:02:15 2021 +0200
>
> netfilter: conntrack: remove offload_pickup sysctl again
>
> I think it's good if we start having a dedicated sysctl for the
> flowtable, yes.
>
> Thanks.
Got it. Will move these sysctls into dedicated namespace in v2.
next prev parent reply other threads:[~2022-03-15 16:35 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-22 15:09 [PATCH net-next 0/8] Conntrack offload debuggability improvements Vlad Buslov
2022-02-22 15:09 ` [PATCH net-next 1/8] net/sched: act_ct: set 'net' pointer when creating new nf_flow_table Vlad Buslov
2022-03-07 21:09 ` Pablo Neira Ayuso
2022-02-22 15:09 ` [PATCH net-next 2/8] netfilter: introduce total count of hw offloaded flow table entries Vlad Buslov
2022-03-07 21:47 ` Pablo Neira Ayuso
2022-03-12 18:56 ` Vlad Buslov
2022-03-15 10:23 ` Pablo Neira Ayuso
2022-03-15 16:18 ` Vlad Buslov
2022-03-07 21:56 ` Pablo Neira Ayuso
2022-03-12 19:51 ` Vlad Buslov
2022-03-15 10:41 ` Pablo Neira Ayuso
2022-03-15 16:34 ` Vlad Buslov [this message]
2022-02-22 15:09 ` [PATCH net-next 3/8] netfilter: introduce max " Vlad Buslov
2022-03-07 22:13 ` Pablo Neira Ayuso
2022-03-12 19:32 ` Vlad Buslov
2022-02-22 15:09 ` [PATCH net-next 4/8] netfilter: introduce total count of hw offload 'add' workqueue tasks Vlad Buslov
2022-03-07 22:46 ` Pablo Neira Ayuso
2022-02-22 15:10 ` [PATCH net-next 5/8] netfilter: introduce max " Vlad Buslov
2022-03-07 22:43 ` Pablo Neira Ayuso
2022-03-12 19:59 ` Vlad Buslov
2022-02-22 15:10 ` [PATCH net-next 6/8] netfilter: introduce total count of hw offload 'del' " Vlad Buslov
2022-02-22 15:10 ` [PATCH net-next 7/8] netfilter: introduce total count of hw offload 'stats' wq tasks Vlad Buslov
2022-02-22 15:10 ` [PATCH net-next 8/8] netfilter: flowtable: add hardware offload tracepoints Vlad Buslov
2022-03-07 22:49 ` Pablo Neira Ayuso
2022-03-12 20:05 ` Vlad Buslov
2022-03-15 10:29 ` Pablo Neira Ayuso
2022-03-15 16:36 ` Vlad Buslov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87pmmntbqi.fsf@nvidia.com \
--to=vladbu@nvidia.com \
--cc=fw@strlen.de \
--cc=kadlec@netfilter.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=ozsh@nvidia.com \
--cc=pablo@netfilter.org \
--cc=paulb@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.