diff options
Diffstat (limited to 'target/linux/generic/backport-5.10/610-v5.13-55-netfilter-conntrack-Introduce-tcp-offload-timeout-co.patch')
| -rw-r--r-- | target/linux/generic/backport-5.10/610-v5.13-55-netfilter-conntrack-Introduce-tcp-offload-timeout-co.patch | 94 |
1 files changed, 0 insertions, 94 deletions
diff --git a/target/linux/generic/backport-5.10/610-v5.13-55-netfilter-conntrack-Introduce-tcp-offload-timeout-co.patch b/target/linux/generic/backport-5.10/610-v5.13-55-netfilter-conntrack-Introduce-tcp-offload-timeout-co.patch deleted file mode 100644 index 0d30b0c593..0000000000 --- a/target/linux/generic/backport-5.10/610-v5.13-55-netfilter-conntrack-Introduce-tcp-offload-timeout-co.patch +++ /dev/null @@ -1,94 +0,0 @@ -From: Oz Shlomo <ozsh@nvidia.com> -Date: Thu, 3 Jun 2021 15:12:33 +0300 -Subject: [PATCH] netfilter: conntrack: Introduce tcp offload timeout - configuration - -TCP connections may be offloaded from nf conntrack to nf flow table. -Offloaded connections are aged after 30 seconds of inactivity. -Once aged, ownership is returned to conntrack with a hard coded pickup -time of 120 seconds, after which the connection may be deleted. -eted. The current aging intervals may be too aggressive for some users. - -Provide users with the ability to control the nf flow table offload -aging and pickup time intervals via sysctl parameter as a pre-step for -configuring the nf flow table GC timeout intervals. - -Signed-off-by: Oz Shlomo <ozsh@nvidia.com> -Reviewed-by: Paul Blakey <paulb@nvidia.com> -Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ---- - ---- a/include/net/netns/conntrack.h -+++ b/include/net/netns/conntrack.h -@@ -27,6 +27,10 @@ struct nf_tcp_net { - int tcp_loose; - int tcp_be_liberal; - int tcp_max_retrans; -+#if IS_ENABLED(CONFIG_NF_FLOW_TABLE) -+ unsigned int offload_timeout; -+ unsigned int offload_pickup; -+#endif - }; - - enum udp_conntrack { ---- a/net/netfilter/nf_conntrack_proto_tcp.c -+++ b/net/netfilter/nf_conntrack_proto_tcp.c -@@ -1457,6 +1457,11 @@ void nf_conntrack_tcp_init_net(struct ne - tn->tcp_loose = nf_ct_tcp_loose; - tn->tcp_be_liberal = nf_ct_tcp_be_liberal; - tn->tcp_max_retrans = nf_ct_tcp_max_retrans; -+ -+#if IS_ENABLED(CONFIG_NF_FLOW_TABLE) -+ tn->offload_timeout = 30 * HZ; -+ tn->offload_pickup = 120 * HZ; -+#endif - } - - const struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp = ---- a/net/netfilter/nf_conntrack_standalone.c -+++ b/net/netfilter/nf_conntrack_standalone.c -@@ -567,6 +567,10 @@ enum nf_ct_sysctl_index { - NF_SYSCTL_CT_PROTO_TIMEOUT_TCP_CLOSE, - NF_SYSCTL_CT_PROTO_TIMEOUT_TCP_RETRANS, - NF_SYSCTL_CT_PROTO_TIMEOUT_TCP_UNACK, -+#if IS_ENABLED(CONFIG_NF_FLOW_TABLE) -+ NF_SYSCTL_CT_PROTO_TIMEOUT_TCP_OFFLOAD, -+ NF_SYSCTL_CT_PROTO_TIMEOUT_TCP_OFFLOAD_PICKUP, -+#endif - NF_SYSCTL_CT_PROTO_TCP_LOOSE, - NF_SYSCTL_CT_PROTO_TCP_LIBERAL, - NF_SYSCTL_CT_PROTO_TCP_MAX_RETRANS, -@@ -757,6 +761,20 @@ static struct ctl_table nf_ct_sysctl_tab - .mode = 0644, - .proc_handler = proc_dointvec_jiffies, - }, -+#if IS_ENABLED(CONFIG_NF_FLOW_TABLE) -+ [NF_SYSCTL_CT_PROTO_TIMEOUT_TCP_OFFLOAD] = { -+ .procname = "nf_flowtable_tcp_timeout", -+ .maxlen = sizeof(unsigned int), -+ .mode = 0644, -+ .proc_handler = proc_dointvec_jiffies, -+ }, -+ [NF_SYSCTL_CT_PROTO_TIMEOUT_TCP_OFFLOAD_PICKUP] = { -+ .procname = "nf_flowtable_tcp_pickup", -+ .maxlen = sizeof(unsigned int), -+ .mode = 0644, -+ .proc_handler = proc_dointvec_jiffies, -+ }, -+#endif - [NF_SYSCTL_CT_PROTO_TCP_LOOSE] = { - .procname = "nf_conntrack_tcp_loose", - .maxlen = sizeof(int), -@@ -960,6 +978,12 @@ static void nf_conntrack_standalone_init - XASSIGN(LIBERAL, &tn->tcp_be_liberal); - XASSIGN(MAX_RETRANS, &tn->tcp_max_retrans); - #undef XASSIGN -+ -+#if IS_ENABLED(CONFIG_NF_FLOW_TABLE) -+ table[NF_SYSCTL_CT_PROTO_TIMEOUT_TCP_OFFLOAD].data = &tn->offload_timeout; -+ table[NF_SYSCTL_CT_PROTO_TIMEOUT_TCP_OFFLOAD_PICKUP].data = &tn->offload_pickup; -+#endif -+ - } - - static void nf_conntrack_standalone_init_sctp_sysctl(struct net *net, |