From: Felix Fietkau <nbd@nbd.name>
Date: Sun, 25 Mar 2018 21:10:55 +0200
Subject: [PATCH] netfilter: nf_flow_table: rework hardware offload timeout
 handling

Some offload implementations send keepalive packets + explicit
notifications of TCP FIN/RST packets. In this case it is more convenient
to simply let the driver update flow->timeout handling and use the
regular flow offload gc step.

For drivers that manage their own lifetime, a separate flag can be set
to avoid gc timeouts.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
---

--- a/include/net/netfilter/nf_flow_table.h
+++ b/include/net/netfilter/nf_flow_table.h
@@ -76,6 +76,7 @@ struct flow_offload_tuple_rhash {
 #define FLOW_OFFLOAD_DYING	0x4
 #define FLOW_OFFLOAD_TEARDOWN	0x8
 #define FLOW_OFFLOAD_HW		0x10
+#define FLOW_OFFLOAD_KEEP	0x20
 
 struct flow_offload {
 	struct flow_offload_tuple_rhash		tuplehash[FLOW_OFFLOAD_DIR_MAX];
--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -368,7 +368,7 @@ static int nf_flow_offload_gc_step(struc
 		if (!teardown)
 			nf_ct_offload_timeout(flow);
 
-		if (nf_flow_in_hw(flow) && !teardown)
+		if ((flow->flags & FLOW_OFFLOAD_KEEP) && !teardown)
 			continue;
 
 		if (nf_flow_has_expired(flow) || teardown)