ACK: [SRU][F:linux-bluefield][PATCH 0/5] Control nf flow table timeouts
tim.gardner at canonical.com
Tue Jul 6 13:34:46 UTC 2021
Acked-by: Tim Gardner <tim.gardner at canonical.com>
On 7/1/21 2:38 PM, Bodong Wang wrote:
> TCP and UDP connections may be offloaded from nf conntrack to nf flow table.
> Offloaded connections are aged after 30 seconds of inactivity.
> Once aged, ownership is returned to conntrack with a hard coded tcp/udp
> pickup time of 120/30 seconds, after which the connection may be deleted.
> The current hard-coded pickup intervals may introduce a very aggressive
> aging policy. For example, offloaded tcp connections in established state
> will timeout from nf conntrack after just 150 seconds of inactivity,
> instead of 5 days. In addition, the hard-coded 30 second offload timeout
> period can significantly increase the hardware insertion rate requirements
> in some use cases.
> This patchset provides the user with the ability to configure protocol
> specific offload timeout and pickup intervals via sysctl.
> The first and second patches revert the existing non-upstream solution.
> The next two patches introduce the sysctl configuration for tcp and udp
> The last patch modifies nf flow table aging mechanisms to use the configured
> time intervals.
> Oz Shlomo (5):
> Revert "UBUNTU: SAUCE: net/sched: Add module parameter to set CT age
> out time"
> Revert "UBUNTU: SAUCE: netfilter: flowtable: Control flow timeout
> (upstream) netfilter: conntrack: Introduce tcp offload timeout
> (upstream) netfilter: conntrack: Introduce udp offload timeout
> (upstream) netfilter: flowtable: Set offload timeouts according to
> proto values
> include/net/netfilter/nf_flow_table.h | 10 ++-----
> include/net/netns/conntrack.h | 8 +++++
> net/netfilter/nf_conntrack_proto_tcp.c | 5 ++++
> net/netfilter/nf_conntrack_proto_udp.c | 5 ++++
> net/netfilter/nf_conntrack_standalone.c | 46 ++++++++++++++++++++++++++++
> net/netfilter/nf_flow_table_core.c | 53 +++++++++++++++++++++++----------
> net/netfilter/nf_flow_table_offload.c | 5 ++--
> net/sched/act_ct.c | 5 ----
> 8 files changed, 106 insertions(+), 31 deletions(-)
More information about the kernel-team