From: Vlad Buslov <vladbu@nvidia.com>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: <netfilter-devel@vger.kernel.org>, <kadlec@netfilter.org>,
<fw@strlen.de>, <ozsh@nvidia.com>, <paulb@nvidia.com>
Subject: Re: [PATCH net-next 8/8] netfilter: flowtable: add hardware offload tracepoints
Date: Sat, 12 Mar 2022 22:05:55 +0200 [thread overview]
Message-ID: <877d8zue2n.fsf@nvidia.com> (raw)
In-Reply-To: <YiaL5a8akGHoIXLE@salvia>
On Mon 07 Mar 2022 at 23:49, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> On Tue, Feb 22, 2022 at 05:10:03PM +0200, Vlad Buslov wrote:
>> Add tracepoints to trace creation and start of execution of flowtable
>> hardware offload 'add', 'del' and 'stats' tasks. Move struct
>> flow_offload_work from source into header file to allow access to structure
>> fields from tracepoint code.
>
> This patch, I would prefer to keep it back and explore exposing trace
> infrastructure for the flowtable through netlink.
>
What approach do you have in mind with netlink? I used tracepoints here
because they are:
- Incur no performance penalty when disabled.
- Handy to attach BPF programs to.
According to my experience with optimizing TC control path parsing
Netlink is CPU-intensive. I am also not aware of mechanisms to leverage
it to attach BPF.
>> Signed-off-by: Vlad Buslov <vladbu@nvidia.com>
>> Signed-off-by: Oz Shlomo <ozsh@nvidia.com>
>> Reviewed-by: Paul Blakey <paulb@nvidia.com>
>> ---
>> include/net/netfilter/nf_flow_table.h | 9 ++++
>> net/netfilter/nf_flow_table_offload.c | 20 +++++----
>> net/netfilter/nf_flow_table_offload_trace.h | 48 +++++++++++++++++++++
>> 3 files changed, 68 insertions(+), 9 deletions(-)
>> create mode 100644 net/netfilter/nf_flow_table_offload_trace.h
>>
>> diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h
>> index a3647fadf1cc..5e2aef34acaa 100644
>> --- a/include/net/netfilter/nf_flow_table.h
>> +++ b/include/net/netfilter/nf_flow_table.h
>> @@ -174,6 +174,15 @@ struct flow_offload {
>> struct rcu_head rcu_head;
>> };
>>
>> +struct flow_offload_work {
>> + struct list_head list;
>> + enum flow_cls_command cmd;
>> + int priority;
>> + struct nf_flowtable *flowtable;
>> + struct flow_offload *flow;
>> + struct work_struct work;
>> +};
>> +
>> #define NF_FLOW_TIMEOUT (30 * HZ)
>> #define nf_flowtable_time_stamp (u32)jiffies
>>
>> diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c
>> index ff52d903aad9..bf94050d5b54 100644
>> --- a/net/netfilter/nf_flow_table_offload.c
>> +++ b/net/netfilter/nf_flow_table_offload.c
>> @@ -12,20 +12,13 @@
>> #include <net/netfilter/nf_conntrack_acct.h>
>> #include <net/netfilter/nf_conntrack_core.h>
>> #include <net/netfilter/nf_conntrack_tuple.h>
>> +#define CREATE_TRACE_POINTS
>> +#include "nf_flow_table_offload_trace.h"
>>
>> static struct workqueue_struct *nf_flow_offload_add_wq;
>> static struct workqueue_struct *nf_flow_offload_del_wq;
>> static struct workqueue_struct *nf_flow_offload_stats_wq;
>>
>> -struct flow_offload_work {
>> - struct list_head list;
>> - enum flow_cls_command cmd;
>> - int priority;
>> - struct nf_flowtable *flowtable;
>> - struct flow_offload *flow;
>> - struct work_struct work;
>> -};
>> -
>> #define NF_FLOW_DISSECTOR(__match, __type, __field) \
>> (__match)->dissector.offset[__type] = \
>> offsetof(struct nf_flow_key, __field)
>> @@ -895,6 +888,8 @@ static void flow_offload_work_add(struct flow_offload_work *offload)
>> struct nf_flow_rule *flow_rule[FLOW_OFFLOAD_DIR_MAX];
>> int err;
>>
>> + trace_flow_offload_work_add(offload);
>> +
>> err = nf_flow_offload_alloc(offload, flow_rule);
>> if (err < 0)
>> return;
>> @@ -911,6 +906,8 @@ static void flow_offload_work_add(struct flow_offload_work *offload)
>>
>> static void flow_offload_work_del(struct flow_offload_work *offload)
>> {
>> + trace_flow_offload_work_del(offload);
>> +
>> clear_bit(IPS_HW_OFFLOAD_BIT, &offload->flow->ct->status);
>> flow_offload_tuple_del(offload, FLOW_OFFLOAD_DIR_ORIGINAL);
>> flow_offload_tuple_del(offload, FLOW_OFFLOAD_DIR_REPLY);
>> @@ -931,6 +928,8 @@ static void flow_offload_work_stats(struct flow_offload_work *offload)
>> struct flow_stats stats[FLOW_OFFLOAD_DIR_MAX] = {};
>> u64 lastused;
>>
>> + trace_flow_offload_work_stats(offload);
>> +
>> flow_offload_tuple_stats(offload, FLOW_OFFLOAD_DIR_ORIGINAL, &stats[0]);
>> flow_offload_tuple_stats(offload, FLOW_OFFLOAD_DIR_REPLY, &stats[1]);
>>
>> @@ -1034,6 +1033,7 @@ void nf_flow_offload_add(struct nf_flowtable *flowtable,
>> return;
>> }
>>
>> + trace_flow_offload_add(offload);
>> flow_offload_queue_work(offload);
>> }
>>
>> @@ -1048,6 +1048,7 @@ void nf_flow_offload_del(struct nf_flowtable *flowtable,
>> return;
>>
>> atomic_inc(&net->nft.count_wq_del);
>> + trace_flow_offload_del(offload);
>> set_bit(NF_FLOW_HW_DYING, &flow->flags);
>> flow_offload_queue_work(offload);
>> }
>> @@ -1068,6 +1069,7 @@ void nf_flow_offload_stats(struct nf_flowtable *flowtable,
>> return;
>>
>> atomic_inc(&net->nft.count_wq_stats);
>> + trace_flow_offload_stats(offload);
>> flow_offload_queue_work(offload);
>> }
>>
>> diff --git a/net/netfilter/nf_flow_table_offload_trace.h b/net/netfilter/nf_flow_table_offload_trace.h
>> new file mode 100644
>> index 000000000000..49cfbc2ec35d
>> --- /dev/null
>> +++ b/net/netfilter/nf_flow_table_offload_trace.h
>> @@ -0,0 +1,48 @@
>> +/* SPDX-License-Identifier: GPL-2.0 */
>> +
>> +#undef TRACE_SYSTEM
>> +#define TRACE_SYSTEM nf
>> +
>> +#if !defined(_NF_FLOW_TABLE_OFFLOAD_TRACE_) || defined(TRACE_HEADER_MULTI_READ)
>> +#define _NF_FLOW_TABLE_OFFLOAD_TRACE_
>> +
>> +#include <linux/tracepoint.h>
>> +#include <net/netfilter/nf_tables.h>
>> +
>> +DECLARE_EVENT_CLASS(
>> + nf_flow_offload_work_template,
>> + TP_PROTO(struct flow_offload_work *w),
>> + TP_ARGS(w),
>> + TP_STRUCT__entry(
>> + __field(void *, work)
>> + __field(void *, flowtable)
>> + __field(void *, flow)
>> + ),
>> + TP_fast_assign(
>> + __entry->work = w;
>> + __entry->flowtable = w->flowtable;
>> + __entry->flow = w->flow;
>> + ),
>> + TP_printk("work=%p flowtable=%p flow=%p",
>> + __entry->work, __entry->flowtable, __entry->flow)
>> +);
>> +
>> +#define DEFINE_NF_FLOW_OFFLOAD_WORK_EVENT(name) \
>> + DEFINE_EVENT(nf_flow_offload_work_template, name, \
>> + TP_PROTO(struct flow_offload_work *w), TP_ARGS(w))
>> +
>> +DEFINE_NF_FLOW_OFFLOAD_WORK_EVENT(flow_offload_add);
>> +DEFINE_NF_FLOW_OFFLOAD_WORK_EVENT(flow_offload_work_add);
>> +DEFINE_NF_FLOW_OFFLOAD_WORK_EVENT(flow_offload_del);
>> +DEFINE_NF_FLOW_OFFLOAD_WORK_EVENT(flow_offload_work_del);
>> +DEFINE_NF_FLOW_OFFLOAD_WORK_EVENT(flow_offload_stats);
>> +DEFINE_NF_FLOW_OFFLOAD_WORK_EVENT(flow_offload_work_stats);
>> +
>> +#endif
>> +
>> +/* This part must be outside protection */
>> +#undef TRACE_INCLUDE_PATH
>> +#define TRACE_INCLUDE_PATH ../../net/netfilter
>> +#undef TRACE_INCLUDE_FILE
>> +#define TRACE_INCLUDE_FILE nf_flow_table_offload_trace
>> +#include <trace/define_trace.h>
>> --
>> 2.31.1
>>
next prev parent reply other threads:[~2022-03-12 20:10 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-22 15:09 [PATCH net-next 0/8] Conntrack offload debuggability improvements Vlad Buslov
2022-02-22 15:09 ` [PATCH net-next 1/8] net/sched: act_ct: set 'net' pointer when creating new nf_flow_table Vlad Buslov
2022-03-07 21:09 ` Pablo Neira Ayuso
2022-02-22 15:09 ` [PATCH net-next 2/8] netfilter: introduce total count of hw offloaded flow table entries Vlad Buslov
2022-03-07 21:47 ` Pablo Neira Ayuso
2022-03-12 18:56 ` Vlad Buslov
2022-03-15 10:23 ` Pablo Neira Ayuso
2022-03-15 16:18 ` Vlad Buslov
2022-03-07 21:56 ` Pablo Neira Ayuso
2022-03-12 19:51 ` Vlad Buslov
2022-03-15 10:41 ` Pablo Neira Ayuso
2022-03-15 16:34 ` Vlad Buslov
2022-02-22 15:09 ` [PATCH net-next 3/8] netfilter: introduce max " Vlad Buslov
2022-03-07 22:13 ` Pablo Neira Ayuso
2022-03-12 19:32 ` Vlad Buslov
2022-02-22 15:09 ` [PATCH net-next 4/8] netfilter: introduce total count of hw offload 'add' workqueue tasks Vlad Buslov
2022-03-07 22:46 ` Pablo Neira Ayuso
2022-02-22 15:10 ` [PATCH net-next 5/8] netfilter: introduce max " Vlad Buslov
2022-03-07 22:43 ` Pablo Neira Ayuso
2022-03-12 19:59 ` Vlad Buslov
2022-02-22 15:10 ` [PATCH net-next 6/8] netfilter: introduce total count of hw offload 'del' " Vlad Buslov
2022-02-22 15:10 ` [PATCH net-next 7/8] netfilter: introduce total count of hw offload 'stats' wq tasks Vlad Buslov
2022-02-22 15:10 ` [PATCH net-next 8/8] netfilter: flowtable: add hardware offload tracepoints Vlad Buslov
2022-03-07 22:49 ` Pablo Neira Ayuso
2022-03-12 20:05 ` Vlad Buslov [this message]
2022-03-15 10:29 ` Pablo Neira Ayuso
2022-03-15 16:36 ` Vlad Buslov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=877d8zue2n.fsf@nvidia.com \
--to=vladbu@nvidia.com \
--cc=fw@strlen.de \
--cc=kadlec@netfilter.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=ozsh@nvidia.com \
--cc=pablo@netfilter.org \
--cc=paulb@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).