Commit b0381776 authored by Vlad Buslov's avatar Vlad Buslov Committed by Pablo Neira Ayuso
Browse files

netfilter: nf_flow_table: count pending offload workqueue tasks 



To improve hardware offload debuggability count pending 'add', 'del' and
'stats' flow_table offload workqueue tasks. Counters are incremented before
scheduling new task and decremented when workqueue handler finishes
executing. These counters allow user to diagnose congestion on hardware
offload workqueues that can happen when either CPU is starved and workqueue
jobs are executed at lower rate than new ones are added or when
hardware/driver can't keep up with the rate.

Implement the described counters as percpu counters inside new struct
netns_ft which is stored inside struct net. Expose them via new procfs file
'/proc/net/stats/nf_flowtable' that is similar to existing 'nf_conntrack'
file.

Signed-off-by: default avatarVlad Buslov <vladbu@nvidia.com>
Signed-off-by: default avatarOz Shlomo <ozsh@nvidia.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent fc54d906

include/net/net_namespace.h

+6 −0
Original line number Diff line number Diff line
@@ -26,6 +26,9 @@ 
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)

#include <net/netns/conntrack.h>

#endif

#if IS_ENABLED(CONFIG_NF_FLOW_TABLE)

#include <net/netns/flow_table.h>

#endif

#include <net/netns/nftables.h>

#include <net/netns/xfrm.h>

#include <net/netns/mpls.h>
@@ -142,6 +145,9 @@ struct net { 
#if defined(CONFIG_NF_TABLES) || defined(CONFIG_NF_TABLES_MODULE)

	struct netns_nftables	nft;

#endif

#if IS_ENABLED(CONFIG_NF_FLOW_TABLE)

	struct netns_ft ft;

#endif

#endif

#ifdef CONFIG_WEXT_CORE

	struct sk_buff_head	wext_nlevents;

include/net/netfilter/nf_flow_table.h

+21 −0
Original line number Diff line number Diff line
@@ -335,4 +335,25 @@ static inline __be16 nf_flow_pppoe_proto(const struct sk_buff *skb) 
	return 0;

}



#define NF_FLOW_TABLE_STAT_INC(net, count) __this_cpu_inc((net)->ft.stat->count)

#define NF_FLOW_TABLE_STAT_DEC(net, count) __this_cpu_dec((net)->ft.stat->count)

#define NF_FLOW_TABLE_STAT_INC_ATOMIC(net, count)	\

	this_cpu_inc((net)->ft.stat->count)

#define NF_FLOW_TABLE_STAT_DEC_ATOMIC(net, count)	\

	this_cpu_dec((net)->ft.stat->count)



#ifdef CONFIG_NF_FLOW_TABLE_PROCFS

int nf_flow_table_init_proc(struct net *net);

void nf_flow_table_fini_proc(struct net *net);

#else

static inline int nf_flow_table_init_proc(struct net *net)

{

	return 0;

}



static inline void nf_flow_table_fini_proc(struct net *net)

{

}

#endif /* CONFIG_NF_FLOW_TABLE_PROCFS */



#endif /* _NF_FLOW_TABLE_H */

include/net/netns/flow_table.h

0 → 100644
+14 −0
Original line number Diff line number Diff line 
/* SPDX-License-Identifier: GPL-2.0 */

#ifndef __NETNS_FLOW_TABLE_H

#define __NETNS_FLOW_TABLE_H



struct nf_flow_table_stat {

	unsigned int count_wq_add;

	unsigned int count_wq_del;

	unsigned int count_wq_stats;

};



struct netns_ft {

	struct nf_flow_table_stat __percpu *stat;

};

#endif

net/netfilter/Kconfig

+9 −0
Original line number Diff line number Diff line
@@ -734,6 +734,15 @@ config NF_FLOW_TABLE 


	  To compile it as a module, choose M here.



config NF_FLOW_TABLE_PROCFS

	bool "Supply flow table statistics in procfs"

	default y

	depends on PROC_FS

	depends on SYSCTL

	help

	  This option enables for the flow table offload statistics

	  to be shown in procfs under net/netfilter/nf_flowtable.



config NETFILTER_XTABLES

	tristate "Netfilter Xtables support (required for ip_tables)"

	default m if NETFILTER_ADVANCED=n

net/netfilter/Makefile

+1 −0
Original line number Diff line number Diff line
@@ -128,6 +128,7 @@ obj-$(CONFIG_NFT_FWD_NETDEV) += nft_fwd_netdev.o 
obj-$(CONFIG_NF_FLOW_TABLE)	+= nf_flow_table.o

nf_flow_table-objs		:= nf_flow_table_core.o nf_flow_table_ip.o \

				   nf_flow_table_offload.o

nf_flow_table-$(CONFIG_NF_FLOW_TABLE_PROCFS) += nf_flow_table_procfs.o



obj-$(CONFIG_NF_FLOW_TABLE_INET) += nf_flow_table_inet.o