ACK: [SRU][F:linux-bluefield][PATCH] UBUNTU: SAUCE: netfilter: conntrack: Check offload bit on table dump
Krzysztof Kozlowski
krzysztof.kozlowski at canonical.com
Tue May 25 14:55:19 UTC 2021
On 24/05/2021 15:12, Daniel Jurgens wrote:
> From: Roi Dayan <roid at nvidia.com>
>
> BugLink: https://bugs.launchpad.net/bugs/1929458
>
> If the conntrack entry is owned by the flow table offload infrastructure
> then don't do garbage collect when dumping the entries.
> The entry offload timeout might not be updated as the flow timeout being
> updated.
>
> To reproduce the issue we can do conntrack -L or cat
> /proc/net/nf_conntrack while rules being offloaded.
> Sometimes rules will get deleted because ct timeout expired.
> So check the offload bit like gc_worker() as others loops does.
>
> This is not a final fix and still being investigated why ct initial timeout
> was not enough before offload path updated the ct timeout to a day.
>
> Fixes: 90964016e5d3 ("netfilter: nf_conntrack: add IPS_OFFLOAD status bit")
> Signed-off-by: Roi Dayan <roid at nvidia.com>
> Signed-off-by: Daniel Jurgens <danielj at nvidia.com>
> ---
Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski at canonical.com>
Best regards,
Krzysztof
More information about the kernel-team
mailing list