cmm offload is now working

2026-05-14 07:29:45 +08:00
parent 1dab92663d
commit 839576a15f
6 changed files with 270 additions and 0 deletions
--- a/devtools/eth2-dhcp.yaml
+++ b/devtools/eth2-dhcp.yaml
@@ -0,0 +1,52 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: test-lan-dhcp-config
  namespace: mono-system
 data:
  dnsmasq.conf: |
    interface=eth2
    bind-interfaces
    dhcp-range=192.168.50.100,192.168.50.200,255.255.255.0,12h
    dhcp-option=3,192.168.50.1
    dhcp-option=6,1.1.1.1,8.8.8.8
    log-dhcp
 ---
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
  name: test-lan-dhcp
  namespace: mono-system
 spec:
  selector:
    matchLabels:
      app: test-lan-dhcp
  template:
    metadata:
      labels:
        app: test-lan-dhcp
    spec:
      hostNetwork: true
      nodeSelector:
        kubernetes.io/hostname: monok8s-master
      containers:
      - name: dnsmasq
        image: alpine:3.23
        securityContext:
          privileged: true
        command:
        - /bin/sh
        - -c
        - |
          apk add --no-cache dnsmasq iproute2 iptables
          ip addr replace 192.168.50.1/24 dev eth2
          ip link set eth2 up
          exec dnsmasq --no-daemon --conf-file=/etc/dnsmasq.conf
        volumeMounts:
        - name: config
          mountPath: /etc/dnsmasq.conf
          subPath: dnsmasq.conf
      volumes:
      - name: config
        configMap:
          name: test-lan-dhcp-config
--- a/docker/ask.Dockerfile
+++ b/docker/ask.Dockerfile
@@ -167,6 +167,19 @@ RUN cd /src/ASK && \
 	test ! -s /tmp/ask-module-patches.list || xargs -a /tmp/ask-module-patches.list git apply --check && \
 	test ! -s /tmp/ask-module-patches.list || xargs -a /tmp/ask-module-patches.list git apply
 # Verify ct enum
 COPY scripts/check-ctenum/kernel_ctenum.c /src/check-ctenum/kernel_ctenum.c
 RUN cd /src/linux \
 && make ARCH="${ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" \
      headers_install INSTALL_HDR_PATH=/tmp/kernel-headers \
 && cc -I/tmp/kernel-headers/include \
      /src/check-ctenum/kernel_ctenum.c \
      -o /tmp/kernel_ctenum \
 && /tmp/kernel_ctenum | sort > /src/kernel_ctenum.txt
 COPY scripts/check-ctenum/libnfct_ctenum.c /src/check-ctenum/libnfct_ctenum.c
 # Build patched libnfnetlink + libnetfilter_conntrack into the musl sysroot.
 # These are needed by cmm through pkg-config.
 RUN mkdir -p "${ASK_DIR}/sources" && \
@@ -194,6 +207,15 @@ RUN mkdir -p "${ASK_DIR}/sources" && \
 		| sort > /tmp/libnfct-patches.list && \
 	test ! -s /tmp/libnfct-patches.list || xargs -a /tmp/libnfct-patches.list git apply --check && \
 	test ! -s /tmp/libnfct-patches.list || xargs -a /tmp/libnfct-patches.list git apply && \
 ####### Ensure parities for KERNEL <-> libnfct's enum #######
 cd /src/libnetfilter_conntrack \
 && cc -I. -I"${SYSROOT}/include" /src/check-ctenum/libnfct_ctenum.c -o /tmp/libnfct_ctenum \
 && /tmp/libnfct_ctenum | sort > /tmp/libnfct_ctenum.txt \
 && echo "libnfct conntrack enum values:" \
 && cat /tmp/libnfct_ctenum.txt \
 && echo "Comparing kernel/libnfct conntrack enum ABI:" \
 && diff -u /src/kernel_ctenum.txt /tmp/libnfct_ctenum.txt && \
 ####### End #######
 	PKG_CONFIG_PATH="${SYSROOT}/lib/pkgconfig" \
 	CC=aarch64-linux-musl-gcc AR=aarch64-linux-musl-ar RANLIB=aarch64-linux-musl-ranlib \
 	./configure --host="${HOST}" --prefix="${SYSROOT}" \
--- a/patches/ask/upstream/libnetfilter-conntrack/03-debug-messages-v2.patch
+++ b/patches/ask/upstream/libnetfilter-conntrack/03-debug-messages-v2.patch
@@ -0,0 +1,158 @@
 diff --git a/src/conntrack/parse_mnl.c b/src/conntrack/parse_mnl.c
 index 72abc67..941075a 100644
 --- a/src/conntrack/parse_mnl.c
 +++ b/src/conntrack/parse_mnl.c
@@ -13,6 +13,24 @@
 #include <libmnl/libmnl.h>
 #include <limits.h>
 #include <endian.h>
 +#include <stdio.h>
 +#include <stdarg.h>
 +
 +static void ask_nfct_dbg(const char *fmt, ...)
 +{
 +	FILE *f;
 +	va_list ap;
 +
 +	f = fopen("/tmp/libnfct-cmm.log", "a");
 +	if (!f)
 +		return;
 +
 +	va_start(ap, fmt);
 +	vfprintf(f, fmt, ap);
 +	va_end(ap);
 +
 +	fclose(f);
 +}
 static int
 nfct_parse_ip_attr_cb(const struct nlattr *attr, void *data)
@@ -863,25 +881,44 @@ nfct_parse_comcerto_fp_attr_cb(const struct nlattr *attr, void *data)
 	const struct nlattr **tb = data;
 	int type = mnl_attr_get_type(attr);
 -	if (mnl_attr_type_valid(attr, CTA_COMCERTO_FP_MAX) < 0)
 -		return MNL_CB_OK;
 +    ask_nfct_dbg("nested fp attr raw_type=0x%x type=%u len=%u payload_len=%u\n",
 +            attr->nla_type, type, attr->nla_len,
 +            mnl_attr_get_payload_len(attr));
 +
 +	if (mnl_attr_type_valid(attr, CTA_COMCERTO_FP_MAX) < 0) {
 +        ask_nfct_dbg("nested fp attr type invalid raw_type=0x%x type=%u max=%u\n",
 +                attr->nla_type, type, CTA_COMCERTO_FP_MAX);
 +        return MNL_CB_OK;
 +	}
 	switch(type) {
 	case CTA_COMCERTO_FP_MARK:
 	case CTA_COMCERTO_FP_IFINDEX:
 	case CTA_COMCERTO_FP_IIF:
 	case CTA_COMCERTO_FP_UNDERLYING_IIF:
 -		if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
 -			return MNL_CB_OK;
 +		if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) {
 +            ask_nfct_dbg("nested fp attr U32 validation failed type=%u raw_type=0x%x len=%u payload_len=%u\n",
 +                    type, attr->nla_type, attr->nla_len,
 +                    mnl_attr_get_payload_len(attr));
 +            return MNL_CB_OK;
 +        }
 		break;
 	case CTA_COMCERTO_FP_UNDERLYING_VID:
 -		if (mnl_attr_validate(attr, MNL_TYPE_U16) < 0)
 -			return MNL_CB_OK;
 +		if (mnl_attr_validate(attr, MNL_TYPE_U16) < 0) {
 +            ask_nfct_dbg("nested fp attr U16 validation failed type=%u raw_type=0x%x len=%u payload_len=%u\n",
 +                    type, attr->nla_type, attr->nla_len,
 +                    mnl_attr_get_payload_len(attr));
 +            return MNL_CB_OK;
 +        }
 		break;
 	case CTA_COMCERTO_FP_XFRM_HANDLE:
 		/* 4 x u32 = 16 bytes */
 -		if (mnl_attr_validate2(attr, MNL_TYPE_UNSPEC, 16) < 0)
 -			return MNL_CB_OK;
 +        if (mnl_attr_validate2(attr, MNL_TYPE_UNSPEC, 16) < 0) {
 +            ask_nfct_dbg("nested fp attr XFRM validation failed type=%u raw_type=0x%x len=%u payload_len=%u\n",
 +                    type, attr->nla_type, attr->nla_len,
 +                    mnl_attr_get_payload_len(attr));
 +            return MNL_CB_OK;
 +        }
 		break;
 	}
 	tb[type] = attr;
@@ -893,9 +930,23 @@ nfct_parse_comcerto_fp(const struct nlattr *attr, struct nf_conntrack *ct,
 		       int dir)
 {
 	struct nlattr *tb[CTA_COMCERTO_FP_MAX+1] = {};
 -
 -	if (mnl_attr_parse_nested(attr, nfct_parse_comcerto_fp_attr_cb, tb) < 0)
 -		return -1;
 +    ask_nfct_dbg("enter nfct_parse_comcerto_fp dir=%d outer_raw_type=0x%x outer_type=%u len=%u payload_len=%u\n",
 +            dir, attr->nla_type, mnl_attr_get_type(attr),
 +            attr->nla_len, mnl_attr_get_payload_len(attr));
 +
 +    if (mnl_attr_parse_nested(attr, nfct_parse_comcerto_fp_attr_cb, tb) < 0) {
 +        ask_nfct_dbg("mnl_attr_parse_nested FAILED dir=%d\n", dir);
 +        return -1;
 +    }
 +
 +    ask_nfct_dbg("fp nested result dir=%d mark=%d ifindex=%d iif=%d underlying_iif=%d vid=%d xfrm=%d\n",
 +            dir,
 +            !!tb[CTA_COMCERTO_FP_MARK],
 +            !!tb[CTA_COMCERTO_FP_IFINDEX],
 +            !!tb[CTA_COMCERTO_FP_IIF],
 +            !!tb[CTA_COMCERTO_FP_UNDERLYING_IIF],
 +            !!tb[CTA_COMCERTO_FP_UNDERLYING_VID],
 +            !!tb[CTA_COMCERTO_FP_XFRM_HANDLE]);
 	if (tb[CTA_COMCERTO_FP_IIF]) {
 		ct->fp_info[dir].iif =
@@ -984,6 +1035,11 @@ nfct_parse_conntrack_attr_cb(const struct nlattr *attr, void *data)
 {
 	const struct nlattr **tb = data;
 	int type = mnl_attr_get_type(attr);
 +    if (type == CTA_LAYERSCAPE_FP_ORIG || type == CTA_LAYERSCAPE_FP_REPLY) {
 +        ask_nfct_dbg("top fp attr raw_type=0x%x type=%u len=%u payload_len=%u\n",
 +                attr->nla_type, type, attr->nla_len,
 +                mnl_attr_get_payload_len(attr));
 +    }
 	if (mnl_attr_type_valid(attr, CTA_MAX) < 0)
 		return MNL_CB_OK;
@@ -1023,8 +1079,12 @@ nfct_parse_conntrack_attr_cb(const struct nlattr *attr, void *data)
 	/* NXP ASK: Comcerto fast path and QoS */
 	case CTA_LAYERSCAPE_FP_ORIG:
 	case CTA_LAYERSCAPE_FP_REPLY:
 -		if (mnl_attr_validate(attr, MNL_TYPE_NESTED) < 0)
 +        if (mnl_attr_validate(attr, MNL_TYPE_NESTED) < 0) {
 +			ask_nfct_dbg("top fp attr nested validation failed raw_type=0x%x type=%u len=%u payload_len=%u\n",
 +				     attr->nla_type, type, attr->nla_len,
 +				     mnl_attr_get_payload_len(attr));
 			return MNL_CB_OK;
 +		}
 		break;
 	case CTA_QOSCONNMARK:
 		if (mnl_attr_validate(attr, MNL_TYPE_U64) < 0)
@@ -1168,12 +1228,22 @@ nfct_payload_parse(const void *payload, size_t payload_len,
 		 * Do not abort the entire conntrack dump if one fast-path
 		 * extension block cannot be represented by this userspace.
 		 */
 +        ask_nfct_dbg("payload parse: saw CTA_LAYERSCAPE_FP_ORIG raw_type=0x%x type=%u len=%u payload_len=%u\n",
 +                tb[CTA_LAYERSCAPE_FP_ORIG]->nla_type,
 +                mnl_attr_get_type(tb[CTA_LAYERSCAPE_FP_ORIG]),
 +                tb[CTA_LAYERSCAPE_FP_ORIG]->nla_len,
 +                mnl_attr_get_payload_len(tb[CTA_LAYERSCAPE_FP_ORIG]));
 		nfct_parse_comcerto_fp(tb[CTA_LAYERSCAPE_FP_ORIG], ct,
 					 __DIR_ORIG);
 	}
 	if (tb[CTA_LAYERSCAPE_FP_REPLY]) {
 		/* See CTA_LAYERSCAPE_FP_ORIG handling above. */
 +        ask_nfct_dbg("payload parse: saw CTA_LAYERSCAPE_FP_REPLY raw_type=0x%x type=%u len=%u payload_len=%u\n",
 +                tb[CTA_LAYERSCAPE_FP_REPLY]->nla_type,
 +                mnl_attr_get_type(tb[CTA_LAYERSCAPE_FP_REPLY]),
 +                tb[CTA_LAYERSCAPE_FP_REPLY]->nla_len,
 +                mnl_attr_get_payload_len(tb[CTA_LAYERSCAPE_FP_REPLY]));
 		nfct_parse_comcerto_fp(tb[CTA_LAYERSCAPE_FP_REPLY], ct,
 					 __DIR_REPL);
 	}
--- a/patches/ask/upstream/libnetfilter-conntrack/04-libnfct-add-missing-enum.patch
+++ b/patches/ask/upstream/libnetfilter-conntrack/04-libnfct-add-missing-enum.patch
@@ -0,0 +1,12 @@
 diff --git a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
 index 418870a..510b5a8 100644
 --- a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
 +++ b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
@@ -60,6 +60,7 @@ enum ctattr_type {
 	CTA_SYNPROXY,
 	CTA_FILTER,
 	CTA_STATUS_MASK,
 +	CTA_TIMESTAMP_EVENT,
 	/* NXP ASK: Layerscape fast path attributes - order must match kernel! */
 	CTA_LAYERSCAPE_FP_ORIG,
 	CTA_LAYERSCAPE_FP_REPLY,
--- a/scripts/check-ctenum/kernel_ctenum.c
+++ b/scripts/check-ctenum/kernel_ctenum.c
@@ -0,0 +1,13 @@
 #include <stdio.h>
 #include <linux/netfilter/nfnetlink_conntrack.h>
 int main(void)
 {
 	printf("CTA_TIMESTAMP_EVENT=%d\n", CTA_TIMESTAMP_EVENT);
 	printf("CTA_LAYERSCAPE_FP_ORIG=%d\n", CTA_LAYERSCAPE_FP_ORIG);
 	printf("CTA_LAYERSCAPE_FP_REPLY=%d\n", CTA_LAYERSCAPE_FP_REPLY);
 	printf("CTA_QOSCONNMARK=%d\n", CTA_QOSCONNMARK);
 	printf("CTA_QOSCONNMARK_PAD=%d\n", CTA_QOSCONNMARK_PAD);
 	printf("CTA_MAX=%d\n", CTA_MAX);
 	return 0;
 }
--- a/scripts/check-ctenum/libnfct_ctenum.c
+++ b/scripts/check-ctenum/libnfct_ctenum.c
@@ -0,0 +1,13 @@
 #include <stdio.h>
 #include "include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h"
 int main(void)
 {
 	printf("CTA_TIMESTAMP_EVENT=%d\n", CTA_TIMESTAMP_EVENT);
 	printf("CTA_LAYERSCAPE_FP_ORIG=%d\n", CTA_LAYERSCAPE_FP_ORIG);
 	printf("CTA_LAYERSCAPE_FP_REPLY=%d\n", CTA_LAYERSCAPE_FP_REPLY);
 	printf("CTA_QOSCONNMARK=%d\n", CTA_QOSCONNMARK);
 	printf("CTA_QOSCONNMARK_PAD=%d\n", CTA_QOSCONNMARK_PAD);
 	printf("CTA_MAX=%d\n", CTA_MAX);
 	return 0;
 }