You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
37 lines
1.2 KiB
37 lines
1.2 KiB
From: Felix Fietkau <nbd@nbd.name>
|
|
Date: Sun, 25 Mar 2018 21:10:55 +0200
|
|
Subject: [PATCH] netfilter: nf_flow_table: rework hardware offload timeout
|
|
handling
|
|
|
|
Some offload implementations send keepalive packets + explicit
|
|
notifications of TCP FIN/RST packets. In this case it is more convenient
|
|
to simply let the driver update flow->timeout handling and use the
|
|
regular flow offload gc step.
|
|
|
|
For drivers that manage their own lifetime, a separate flag can be set
|
|
to avoid gc timeouts.
|
|
|
|
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
---
|
|
|
|
--- a/include/net/netfilter/nf_flow_table.h
|
|
+++ b/include/net/netfilter/nf_flow_table.h
|
|
@@ -76,6 +76,7 @@ struct flow_offload_tuple_rhash {
|
|
#define FLOW_OFFLOAD_DYING 0x4
|
|
#define FLOW_OFFLOAD_TEARDOWN 0x8
|
|
#define FLOW_OFFLOAD_HW 0x10
|
|
+#define FLOW_OFFLOAD_KEEP 0x20
|
|
|
|
struct flow_offload {
|
|
struct flow_offload_tuple_rhash tuplehash[FLOW_OFFLOAD_DIR_MAX];
|
|
--- a/net/netfilter/nf_flow_table_core.c
|
|
+++ b/net/netfilter/nf_flow_table_core.c
|
|
@@ -358,7 +358,7 @@ static int nf_flow_offload_gc_step(struc
|
|
if (!teardown)
|
|
nf_ct_offload_timeout(flow);
|
|
|
|
- if (nf_flow_in_hw(flow) && !teardown)
|
|
+ if ((flow->flags & FLOW_OFFLOAD_KEEP) && !teardown)
|
|
continue;
|
|
|
|
if (nf_flow_has_expired(flow) || teardown)
|
|
|