blob: 3c44c2927313f929011ed521eb834d2eb40795de (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
From: Felix Fietkau <nbd@nbd.name>
Date: Sun, 25 Mar 2018 21:10:55 +0200
Subject: [PATCH] netfilter: nf_flow_table: rework hardware offload timeout
handling
Some offload implementations send keepalive packets + explicit
notifications of TCP FIN/RST packets. In this case it is more convenient
to simply let the driver update flow->timeout handling and use the
regular flow offload gc step.
For drivers that manage their own lifetime, a separate flag can be set
to avoid gc timeouts.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
--- a/include/net/netfilter/nf_flow_table.h
+++ b/include/net/netfilter/nf_flow_table.h
@@ -75,6 +75,7 @@ struct flow_offload_tuple_rhash {
#define FLOW_OFFLOAD_DYING 0x4
#define FLOW_OFFLOAD_TEARDOWN 0x8
#define FLOW_OFFLOAD_HW 0x10
+#define FLOW_OFFLOAD_KEEP 0x20
struct flow_offload {
struct flow_offload_tuple_rhash tuplehash[FLOW_OFFLOAD_DIR_MAX];
--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -370,7 +370,7 @@ static void nf_flow_offload_gc_step(stru
if (!teardown)
nf_ct_offload_timeout(flow);
- if (nf_flow_in_hw(flow) && !teardown)
+ if ((flow->flags & FLOW_OFFLOAD_KEEP) && !teardown)
return;
if (nf_flow_has_expired(flow) || teardown)
|