ACK/Cmnt: [SRU][F:linux-bluefield][PATCH V1 00/10] Increase stability with connection tracking offload

Tue Nov 1 07:05:32 UTC 2022

On 10/31/22 21:33, Bodong Wang wrote:
> Currently qdisc ingress handling (sch_handle_ingress()) doesn't
> set a return value and it is left to the old return value of
> the caller (__netif_receive_skb_core()) which is RX drop, so if
> the packet is consumed, caller will stop and return this value
> as if the packet was dropped.
> 
> Also, include set of patches to increase stability with connection tracking
> offload, including reduced cpu load and possible deadlock on cleanup.
> 
> V0->V1:
> Fix sha number for patch "netfilter: flowtable: Make sure GC works
> periodically in idle system"
> 
> Eric Dumazet (1):
>    netfilter: conntrack: annotate data-races around ct->timeout
> 
> Felix Fietkau (1):
>    netfilter: flowtable: fix excessive hw offload attempts after failure
> 
> Florian Westphal (2):
>    netfilter: conntrack: remove unneeded nf_ct_put
>    netfilter: conntrack: convert to refcount_t api
> 
> Pablo Neira Ayuso (4):
>    netfilter: flowtable: avoid possible false sharing
>    netfilter: nf_flowtable: expose nf_flow_table_gc_cleanup()
>    netfilter: flowtable: add function to invoke garbage collection
>      immediately
>    netfilter: flowtable: fix stuck flows on cleanup due to pending work
> 
> Paul Blakey (1):
>    net: Fix return value of qdisc ingress handling on success
> 
> Yinjun Zhang (1):
>    netfilter: flowtable: Make sure GC works periodically in idle system
> 
>   include/linux/netfilter/nf_conntrack_common.h |  8 +++---
>   include/net/netfilter/nf_conntrack.h          |  6 ++---
>   include/net/netfilter/nf_flow_table.h         |  5 ++++
>   net/core/dev.c                                |  4 +++
>   net/netfilter/nf_conntrack_core.c             | 39 +++++++++++++--------------
>   net/netfilter/nf_conntrack_expect.c           |  4 +--
>   net/netfilter/nf_conntrack_netlink.c          |  8 +++---
>   net/netfilter/nf_conntrack_standalone.c       |  4 +--
>   net/netfilter/nf_flow_table_core.c            | 38 ++++++++++++++++----------
>   net/netfilter/nf_flow_table_offload.c         |  8 ++++++
>   net/netfilter/nf_synproxy_core.c              |  1 -
>   net/netfilter/nft_ct.c                        |  4 +--
>   net/netfilter/xt_CT.c                         |  3 +--
>   net/openvswitch/conntrack.c                   |  1 -
>   net/sched/act_ct.c                            |  1 -
>   15 files changed, 77 insertions(+), 57 deletions(-)
> 
Acked-by: Tim Gardner <tim.gardner at canonical.com>

It is important to describe changes you've made to backported patches. 
What I want to see is if it was nothing more then a context adjustment, 
or did you actually have to change the code. For example, this entry 
after the '[Backported from...]' line:

[Bodong - context adjustment]

In this case both patches were simple enough that I could eyeball them 
for correctness. If they were any more complex then I would have 
complained and NACKed them.

-- 
-----------
Tim Gardner
Canonical, Inc