From 839576a15fe25f251d855f99d04d3b4caf20d70880e9b3c4ae639f30fe7a0c37 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=96=9F=E9=85=8C=20=E9=B5=AC=E5=85=84?=
Date: Thu, 14 May 2026 07:29:45 +0800
Subject: [PATCH] cmm offload is now working
---
devtools/eth2-dhcp.yaml | 52 ++++++
docker/ask.Dockerfile | 22 +++
.../03-debug-messages-v2.patch | 158 ++++++++++++++++++
.../04-libnfct-add-missing-enum.patch | 12 ++
scripts/check-ctenum/kernel_ctenum.c | 13 ++
scripts/check-ctenum/libnfct_ctenum.c | 13 ++
6 files changed, 270 insertions(+)
create mode 100644 devtools/eth2-dhcp.yaml
create mode 100644 patches/ask/upstream/libnetfilter-conntrack/03-debug-messages-v2.patch
create mode 100644 patches/ask/upstream/libnetfilter-conntrack/04-libnfct-add-missing-enum.patch
create mode 100644 scripts/check-ctenum/kernel_ctenum.c
create mode 100644 scripts/check-ctenum/libnfct_ctenum.c
diff --git a/devtools/eth2-dhcp.yaml b/devtools/eth2-dhcp.yaml
new file mode 100644
index 0000000..ec89495
--- /dev/null
+++ b/devtools/eth2-dhcp.yaml
@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: test-lan-dhcp-config
+ namespace: mono-system
+data:
+ dnsmasq.conf: |
+ interface=eth2
+ bind-interfaces
+ dhcp-range=192.168.50.100,192.168.50.200,255.255.255.0,12h
+ dhcp-option=3,192.168.50.1
+ dhcp-option=6,1.1.1.1,8.8.8.8
+ log-dhcp
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: test-lan-dhcp
+ namespace: mono-system
+spec:
+ selector:
+ matchLabels:
+ app: test-lan-dhcp
+ template:
+ metadata:
+ labels:
+ app: test-lan-dhcp
+ spec:
+ hostNetwork: true
+ nodeSelector:
+ kubernetes.io/hostname: monok8s-master
+ containers:
+ - name: dnsmasq
+ image: alpine:3.23
+ securityContext:
+ privileged: true
+ command:
+ - /bin/sh
+ - -c
+ - |
+ apk add --no-cache dnsmasq iproute2 iptables
+ ip addr replace 192.168.50.1/24 dev eth2
+ ip link set eth2 up
+ exec dnsmasq --no-daemon --conf-file=/etc/dnsmasq.conf
+ volumeMounts:
+ - name: config
+ mountPath: /etc/dnsmasq.conf
+ subPath: dnsmasq.conf
+ volumes:
+ - name: config
+ configMap:
+ name: test-lan-dhcp-config
diff --git a/docker/ask.Dockerfile b/docker/ask.Dockerfile
index 896620a..9bc18cf 100644
--- a/docker/ask.Dockerfile
+++ b/docker/ask.Dockerfile
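Review bot: The dnsmasq container in devtools/eth2-dhcp.yaml sets `privileged: true` together with `hostNetwork: true`, which grants every capability and host device access although the script shown only assigns an address to eth2 and serves DHCP. Granting just the network capability, for example `securityContext: { capabilities: { add: ["NET_ADMIN"] } }`, is probably enough; confirm against the container runtime's default capability set. The script also runs `apk add` on every start, so the pod needs the package mirrors to be reachable and gets whatever versions are current; a prebuilt image with dnsmasq and iproute2 would make the fixture reproducible, and `iptables` is not used in the lines shown.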
@@ -167,6 +167,19 @@ RUN cd /src/ASK && \ test ! -s /tmp/ask-module-patches.list || xargs -a /tmp/ask-module-patches.list git apply --check && \ test ! -s /tmp/ask-module-patches.list || xargs -a /tmp/ask-module-patches.list git apply +# Verify ct enum +COPY scripts/check-ctenum/kernel_ctenum.c /src/check-ctenum/kernel_ctenum.c + +RUN cd /src/linux \ + && make ARCH="${ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" \ + headers_install INSTALL_HDR_PATH=/tmp/kernel-headers \ + && cc -I/tmp/kernel-headers/include \ + /src/check-ctenum/kernel_ctenum.c \ + -o /tmp/kernel_ctenum \ + && /tmp/kernel_ctenum | sort > /src/kernel_ctenum.txt + +COPY scripts/check-ctenum/libnfct_ctenum.c /src/check-ctenum/libnfct_ctenum.c + # Build patched libnfnetlink + libnetfilter_conntrack into the musl sysroot. # These are needed by cmm through pkg-config. RUN mkdir -p "${ASK_DIR}/sources" && \ @@ -194,6 +207,15 @@ RUN mkdir -p "${ASK_DIR}/sources" && \ | sort > /tmp/libnfct-patches.list && \ test ! -s /tmp/libnfct-patches.list || xargs -a /tmp/libnfct-patches.list git apply --check && \ test ! -s /tmp/libnfct-patches.list || xargs -a /tmp/libnfct-patches.list git apply && \ +####### Ensure parities for KERNEL <-> libnfct's enum ####### +cd /src/libnetfilter_conntrack \ +&& cc -I. -I"${SYSROOT}/include" /src/check-ctenum/libnfct_ctenum.c -o /tmp/libnfct_ctenum \ +&& /tmp/libnfct_ctenum | sort > /tmp/libnfct_ctenum.txt \ +&& echo "libnfct conntrack enum values:" \ +&& cat /tmp/libnfct_ctenum.txt \ +&& echo "Comparing kernel/libnfct conntrack enum ABI:" \ +&& diff -u /src/kernel_ctenum.txt /tmp/libnfct_ctenum.txt && \ +####### End ####### PKG_CONFIG_PATH="${SYSROOT}/lib/pkgconfig" \ CC=aarch64-linux-musl-gcc AR=aarch64-linux-musl-ar RANLIB=aarch64-linux-musl-ranlib \ ./configure --host="${HOST}" --prefix="${SYSROOT}" \ 
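Review bot: In `/tmp/kernel_ctenum | sort > /src/kernel_ctenum.txt` the probe's exit status is discarded, because a pipeline reports only the status of `sort` unless a shell with pipefail is configured outside this hunk; the second hunk repeats this with `/tmp/libnfct_ctenum | sort`. If both probes failed to run, `diff -u` would compare two empty files and the parity gate would pass without having checked anything. The two programs print the same names in the same order, so the sort can be dropped on both sides, e.g. `&& /tmp/kernel_ctenum > /src/kernel_ctenum.txt`.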
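Review bot: The added `cd /src/libnetfilter_conntrack` in the second hunk stays in effect for the `./configure` that follows, and the parity check reads the header from that fixed path rather than from the directory where `git apply` just ran. The start of this RUN is outside the hunk, so whether these are the same directory cannot be seen here; if they differ, the check inspects a tree other than the one just patched. Wrapping the check in a subshell, `( cd /src/libnetfilter_conntrack && cc … && diff -u … ) && \`, or dropping the `cd`, keeps the working directory of the build steps as it was.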
diff --git a/patches/ask/upstream/libnetfilter-conntrack/03-debug-messages-v2.patch b/patches/ask/upstream/libnetfilter-conntrack/03-debug-messages-v2.patch
new file mode 100644
index 0000000..91c719d
--- /dev/null
+++ b/patches/ask/upstream/libnetfilter-conntrack/03-debug-messages-v2.patch
@@ -0,0 +1,158 @@ +diff --git a/src/conntrack/parse_mnl.c b/src/conntrack/parse_mnl.c +index 72abc67..941075a 100644 +--- a/src/conntrack/parse_mnl.c ++++ b/src/conntrack/parse_mnl.c +@@ -13,6 +13,24 @@ + #include + #include + #include ++#include ++#include ++ ++static void ask_nfct_dbg(const char *fmt, ...) ++{ ++ FILE *f; ++ va_list ap; ++ ++ f = fopen("/tmp/libnfct-cmm.log", "a"); ++ if (!f) ++ return; ++ ++ va_start(ap, fmt); ++ vfprintf(f, fmt, ap); ++ va_end(ap); ++ ++ fclose(f); ++} + + static int + nfct_parse_ip_attr_cb(const struct nlattr *attr, void *data) +@@ -863,25 +881,44 @@ nfct_parse_comcerto_fp_attr_cb(const struct nlattr *attr, void *data) + const struct nlattr **tb = data; + int type = mnl_attr_get_type(attr); + +- if (mnl_attr_type_valid(attr, CTA_COMCERTO_FP_MAX) < 0) +- return MNL_CB_OK; ++ ask_nfct_dbg("nested fp attr raw_type=0x%x type=%u len=%u payload_len=%u\n", ++ attr->nla_type, type, attr->nla_len, ++ mnl_attr_get_payload_len(attr)); ++ ++ if (mnl_attr_type_valid(attr, CTA_COMCERTO_FP_MAX) < 0) { ++ ask_nfct_dbg("nested fp attr type invalid raw_type=0x%x type=%u max=%u\n", ++ attr->nla_type, type, CTA_COMCERTO_FP_MAX); ++ return MNL_CB_OK; ++ } + + switch(type) { + case CTA_COMCERTO_FP_MARK: + case CTA_COMCERTO_FP_IFINDEX: + case CTA_COMCERTO_FP_IIF: + case CTA_COMCERTO_FP_UNDERLYING_IIF: +- if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) +- return MNL_CB_OK; ++ if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) { ++ ask_nfct_dbg("nested fp attr U32 validation failed type=%u raw_type=0x%x len=%u payload_len=%u\n", ++ type, attr->nla_type, attr->nla_len, ++ mnl_attr_get_payload_len(attr)); ++ return MNL_CB_OK; ++ } + break; + case CTA_COMCERTO_FP_UNDERLYING_VID: +- if (mnl_attr_validate(attr, MNL_TYPE_U16) < 0) +- return MNL_CB_OK; ++ if (mnl_attr_validate(attr, MNL_TYPE_U16) < 0) { ++ ask_nfct_dbg("nested fp attr U16 validation failed type=%u raw_type=0x%x len=%u payload_len=%u\n", ++ type, attr->nla_type, attr->nla_len, ++ 
mnl_attr_get_payload_len(attr)); ++ return MNL_CB_OK; ++ } + break; + case CTA_COMCERTO_FP_XFRM_HANDLE: + /* 4 x u32 = 16 bytes */ +- if (mnl_attr_validate2(attr, MNL_TYPE_UNSPEC, 16) < 0) +- return MNL_CB_OK; ++ if (mnl_attr_validate2(attr, MNL_TYPE_UNSPEC, 16) < 0) { ++ ask_nfct_dbg("nested fp attr XFRM validation failed type=%u raw_type=0x%x len=%u payload_len=%u\n", ++ type, attr->nla_type, attr->nla_len, ++ mnl_attr_get_payload_len(attr)); ++ return MNL_CB_OK; ++ } + break; + } + tb[type] = attr; +@@ -893,9 +930,23 @@ nfct_parse_comcerto_fp(const struct nlattr *attr, struct nf_conntrack *ct, + int dir) + { + struct nlattr *tb[CTA_COMCERTO_FP_MAX+1] = {}; +- +- if (mnl_attr_parse_nested(attr, nfct_parse_comcerto_fp_attr_cb, tb) < 0) +- return -1; ++ ask_nfct_dbg("enter nfct_parse_comcerto_fp dir=%d outer_raw_type=0x%x outer_type=%u len=%u payload_len=%u\n", ++ dir, attr->nla_type, mnl_attr_get_type(attr), ++ attr->nla_len, mnl_attr_get_payload_len(attr)); ++ ++ if (mnl_attr_parse_nested(attr, nfct_parse_comcerto_fp_attr_cb, tb) < 0) { ++ ask_nfct_dbg("mnl_attr_parse_nested FAILED dir=%d\n", dir); ++ return -1; ++ } ++ ++ ask_nfct_dbg("fp nested result dir=%d mark=%d ifindex=%d iif=%d underlying_iif=%d vid=%d xfrm=%d\n", ++ dir, ++ !!tb[CTA_COMCERTO_FP_MARK], ++ !!tb[CTA_COMCERTO_FP_IFINDEX], ++ !!tb[CTA_COMCERTO_FP_IIF], ++ !!tb[CTA_COMCERTO_FP_UNDERLYING_IIF], ++ !!tb[CTA_COMCERTO_FP_UNDERLYING_VID], ++ !!tb[CTA_COMCERTO_FP_XFRM_HANDLE]); + + if (tb[CTA_COMCERTO_FP_IIF]) { + ct->fp_info[dir].iif = +@@ -984,6 +1035,11 @@ nfct_parse_conntrack_attr_cb(const struct nlattr *attr, void *data) + { + const struct nlattr **tb = data; + int type = mnl_attr_get_type(attr); ++ if (type == CTA_LAYERSCAPE_FP_ORIG || type == CTA_LAYERSCAPE_FP_REPLY) { ++ ask_nfct_dbg("top fp attr raw_type=0x%x type=%u len=%u payload_len=%u\n", ++ attr->nla_type, type, attr->nla_len, ++ mnl_attr_get_payload_len(attr)); ++ } + + if (mnl_attr_type_valid(attr, CTA_MAX) < 0) + return MNL_CB_OK; 
+@@ -1023,8 +1079,12 @@ nfct_parse_conntrack_attr_cb(const struct nlattr *attr, void *data) + /* NXP ASK: Comcerto fast path and QoS */ + case CTA_LAYERSCAPE_FP_ORIG: + case CTA_LAYERSCAPE_FP_REPLY: +- if (mnl_attr_validate(attr, MNL_TYPE_NESTED) < 0) ++ if (mnl_attr_validate(attr, MNL_TYPE_NESTED) < 0) { ++ ask_nfct_dbg("top fp attr nested validation failed raw_type=0x%x type=%u len=%u payload_len=%u\n", ++ attr->nla_type, type, attr->nla_len, ++ mnl_attr_get_payload_len(attr)); + return MNL_CB_OK; ++ } + break; + case CTA_QOSCONNMARK: + if (mnl_attr_validate(attr, MNL_TYPE_U64) < 0) +@@ -1168,12 +1228,22 @@ nfct_payload_parse(const void *payload, size_t payload_len, + * Do not abort the entire conntrack dump if one fast-path + * extension block cannot be represented by this userspace. + */ ++ ask_nfct_dbg("payload parse: saw CTA_LAYERSCAPE_FP_ORIG raw_type=0x%x type=%u len=%u payload_len=%u\n", ++ tb[CTA_LAYERSCAPE_FP_ORIG]->nla_type, ++ mnl_attr_get_type(tb[CTA_LAYERSCAPE_FP_ORIG]), ++ tb[CTA_LAYERSCAPE_FP_ORIG]->nla_len, ++ mnl_attr_get_payload_len(tb[CTA_LAYERSCAPE_FP_ORIG])); + nfct_parse_comcerto_fp(tb[CTA_LAYERSCAPE_FP_ORIG], ct, + __DIR_ORIG); + } + + if (tb[CTA_LAYERSCAPE_FP_REPLY]) { + /* See CTA_LAYERSCAPE_FP_ORIG handling above. */ ++ ask_nfct_dbg("payload parse: saw CTA_LAYERSCAPE_FP_REPLY raw_type=0x%x type=%u len=%u payload_len=%u\n", ++ tb[CTA_LAYERSCAPE_FP_REPLY]->nla_type, ++ mnl_attr_get_type(tb[CTA_LAYERSCAPE_FP_REPLY]), ++ tb[CTA_LAYERSCAPE_FP_REPLY]->nla_len, ++ mnl_attr_get_payload_len(tb[CTA_LAYERSCAPE_FP_REPLY])); + nfct_parse_comcerto_fp(tb[CTA_LAYERSCAPE_FP_REPLY], ct, + __DIR_REPL); + } diff --git a/patches/ask/upstream/libnetfilter-conntrack/04-libnfct-add-missing-enum.patch b/patches/ask/upstream/libnetfilter-conntrack/04-libnfct-add-missing-enum.patch new file mode 100644 index 0000000..434e2c1 --- /dev/null +++ b/patches/ask/upstream/libnetfilter-conntrack/04-libnfct-add-missing-enum.patch 
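Review bot: `ask_nfct_dbg()` in 03-debug-messages-v2.patch appends to the fixed path `/tmp/libnfct-cmm.log` with `fopen(..., "a")` for every nested fast-path attribute parsed, and nothing in the patch makes it conditional. /tmp is normally world-writable, so a local user can pre-create that name as a symlink and have whichever process loads the library (cmm presumably runs privileged; confirm) append to a file of that user's choosing; the log also grows without bound and costs an open/close per attribute. docker/ask.Dockerfile appears to apply every patch listed in /tmp/libnfct-patches.list, so this debugging aid would ship in the built library. I would compile it out by default and write to stderr when enabled, as below; the macro name is only a suggestion.

```c
#ifdef ASK_NFCT_DEBUG
static void ask_nfct_dbg(const char *fmt, ...)
{
	va_list ap;

	va_start(ap, fmt);
	vfprintf(stderr, fmt, ap);	/* no fixed file under /tmp */
	va_end(ap);
}
#else
#define ask_nfct_dbg(...) do { } while (0)
#endif
/* … unchanged: ask_nfct_dbg() call sites in the parse callbacks … */
```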
@@ -0,0 +1,12 @@
+diff --git a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
+index 418870a..510b5a8 100644
+--- a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
++++ b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
+@@ -60,6 +60,7 @@ enum ctattr_type {
+ CTA_SYNPROXY,
+ CTA_FILTER,
+ CTA_STATUS_MASK,
++ CTA_TIMESTAMP_EVENT,
+ /* NXP ASK: Layerscape fast path attributes - order must match kernel! */
+ CTA_LAYERSCAPE_FP_ORIG,
+ CTA_LAYERSCAPE_FP_REPLY,
diff --git a/scripts/check-ctenum/kernel_ctenum.c b/scripts/check-ctenum/kernel_ctenum.c
new file mode 100644
index 0000000..5647042
--- /dev/null
+++ b/scripts/check-ctenum/kernel_ctenum.c
@@ -0,0 +1,13 @@
+#include
+#include
+
+int main(void)
+{
+ printf("CTA_TIMESTAMP_EVENT=%d\n", CTA_TIMESTAMP_EVENT);
+ printf("CTA_LAYERSCAPE_FP_ORIG=%d\n", CTA_LAYERSCAPE_FP_ORIG);
+ printf("CTA_LAYERSCAPE_FP_REPLY=%d\n", CTA_LAYERSCAPE_FP_REPLY);
+ printf("CTA_QOSCONNMARK=%d\n", CTA_QOSCONNMARK);
+ printf("CTA_QOSCONNMARK_PAD=%d\n", CTA_QOSCONNMARK_PAD);
+ printf("CTA_MAX=%d\n", CTA_MAX);
+ return 0;
+}
diff --git a/scripts/check-ctenum/libnfct_ctenum.c b/scripts/check-ctenum/libnfct_ctenum.c
new file mode 100644
index 0000000..700804a
--- /dev/null
+++ b/scripts/check-ctenum/libnfct_ctenum.c
@@ -0,0 +1,13 @@
+#include
+#include "include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h"
+
+int main(void)
+{
+ printf("CTA_TIMESTAMP_EVENT=%d\n", CTA_TIMESTAMP_EVENT);
+ printf("CTA_LAYERSCAPE_FP_ORIG=%d\n", CTA_LAYERSCAPE_FP_ORIG);
+ printf("CTA_LAYERSCAPE_FP_REPLY=%d\n", CTA_LAYERSCAPE_FP_REPLY);
+ printf("CTA_QOSCONNMARK=%d\n", CTA_QOSCONNMARK);
+ printf("CTA_QOSCONNMARK_PAD=%d\n", CTA_QOSCONNMARK_PAD);
+ printf("CTA_MAX=%d\n", CTA_MAX);
+ return 0;
+}
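Review bot: scripts/check-ctenum/kernel_ctenum.c and scripts/check-ctenum/libnfct_ctenum.c carry no comment saying what they are for, and their `main()` bodies are identical apart from the header each includes, so the enumerator list has to be kept in sync by hand in two places. A header comment such as `/* Prints the conntrack attribute values seen through the kernel UAPI headers; docker/ask.Dockerfile diffs this output against libnfct_ctenum.c's. */` (and its counterpart in the other file) would tell a maintainer why the build fails when the diff is non-empty. A single source file that selects the include with a `-D` flag on the `cc` command line would remove the duplication.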