APPLIED: [SRU][F:linux-bluefield][PATCH] UBUNTU: SAUCE: netfilter: conntrack: Check offload bit on table dump
Kelsey Skunberg
kelsey.skunberg at canonical.com
Sat May 29 00:45:41 UTC 2021
Applied to F/bluefield master-next. Thank you!
-Kelsey
On 2021-05-24 22:12:49 , Daniel Jurgens wrote:
> From: Roi Dayan <roid at nvidia.com>
>
> BugLink: https://bugs.launchpad.net/bugs/1929458
>
> If the conntrack entry is owned by the flow table offload infrastructure
> then don't do garbage collect when dumping the entries.
> The entry offload timeout might not be updated as the flow timeout being
> updated.
>
> To reproduce the issue we can do conntrack -L or cat
> /proc/net/nf_conntrack while rules being offloaded.
> Sometimes rules will get deleted because ct timeout expired.
> So check the offload bit like gc_worker() as others loops does.
>
> This is not a final fix and still being investigated why ct initial timeout
> was not enough before offload path updated the ct timeout to a day.
>
> Fixes: 90964016e5d3 ("netfilter: nf_conntrack: add IPS_OFFLOAD status bit")
> Signed-off-by: Roi Dayan <roid at nvidia.com>
> Signed-off-by: Daniel Jurgens <danielj at nvidia.com>
> ---
> include/net/netfilter/nf_conntrack.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
> index c7bfddf..4f51b62 100644
> --- a/include/net/netfilter/nf_conntrack.h
> +++ b/include/net/netfilter/nf_conntrack.h
> @@ -276,7 +276,7 @@ static inline bool nf_ct_is_expired(const struct nf_conn *ct)
> static inline bool nf_ct_should_gc(const struct nf_conn *ct)
> {
> return nf_ct_is_expired(ct) && nf_ct_is_confirmed(ct) &&
> - !nf_ct_is_dying(ct);
> + !nf_ct_is_dying(ct) && !test_bit(IPS_OFFLOAD_BIT, &ct->status);
> }
>
> #define NF_CT_DAY (86400 * HZ)
> --
> 1.8.3.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list