| Message ID | 1666965440-94070-1-git-send-email-bodong@nvidia.com |
|---|---|
| Headers | show |
| Series | Increase stability with connection tracking offload | expand |
On 10/28/22 15:57, Bodong Wang wrote: > Currently qdisc ingress handling (sch_handle_ingress()) doesn't > set a return value and it is left to the old return value of > the caller (__netif_receive_skb_core()) which is RX drop, so if > the packet is consumed, caller will stop and return this value > as if the packet was dropped. > > Also, include set of patches to increase stability with connection tracking > offload, including reduced cpu load and possible deadlock on cleanup. > > Eric Dumazet (1): > netfilter: conntrack: annotate data-races around ct->timeout > > Felix Fietkau (1): > netfilter: flowtable: fix excessive hw offload attempts after failure > > Florian Westphal (2): > netfilter: conntrack: remove unneeded nf_ct_put > netfilter: conntrack: convert to refcount_t api > > Pablo Neira Ayuso (4): > netfilter: flowtable: avoid possible false sharing > netfilter: nf_flowtable: expose nf_flow_table_gc_cleanup() > netfilter: flowtable: add function to invoke garbage collection > immediately > netfilter: flowtable: fix stuck flows on cleanup due to pending work > > Paul Blakey (1): > net: Fix return value of qdisc ingress handling on success > > Yinjun Zhang (1): > netfilter: flowtable: Make sure GC works periodically in idle system > > include/linux/netfilter/nf_conntrack_common.h | 8 +++--- > include/net/netfilter/nf_conntrack.h | 6 ++--- > include/net/netfilter/nf_flow_table.h | 5 ++++ > net/core/dev.c | 4 +++ > net/netfilter/nf_conntrack_core.c | 39 +++++++++++++-------------- > net/netfilter/nf_conntrack_expect.c | 4 +-- > net/netfilter/nf_conntrack_netlink.c | 8 +++--- > net/netfilter/nf_conntrack_standalone.c | 4 +-- > net/netfilter/nf_flow_table_core.c | 38 ++++++++++++++++---------- > net/netfilter/nf_flow_table_offload.c | 8 ++++++ > net/netfilter/nf_synproxy_core.c | 1 - > net/netfilter/nft_ct.c | 4 +-- > net/netfilter/xt_CT.c | 3 +-- > net/openvswitch/conntrack.c | 1 - > net/sched/act_ct.c | 1 - > 15 files changed, 77 insertions(+), 57 deletions(-) > Patch 5 is missing the upstream SHA1. I suspect you neglected to use '-x' when cherry picking.
Currently qdisc ingress handling (sch_handle_ingress()) doesn't set a return value and it is left to the old return value of the caller (__netif_receive_skb_core()) which is RX drop, so if the packet is consumed, caller will stop and return this value as if the packet was dropped. Also, include set of patches to increase stability with connection tracking offload, including reduced cpu load and possible deadlock on cleanup. Eric Dumazet (1): netfilter: conntrack: annotate data-races around ct->timeout Felix Fietkau (1): netfilter: flowtable: fix excessive hw offload attempts after failure Florian Westphal (2): netfilter: conntrack: remove unneeded nf_ct_put netfilter: conntrack: convert to refcount_t api Pablo Neira Ayuso (4): netfilter: flowtable: avoid possible false sharing netfilter: nf_flowtable: expose nf_flow_table_gc_cleanup() netfilter: flowtable: add function to invoke garbage collection immediately netfilter: flowtable: fix stuck flows on cleanup due to pending work Paul Blakey (1): net: Fix return value of qdisc ingress handling on success Yinjun Zhang (1): netfilter: flowtable: Make sure GC works periodically in idle system include/linux/netfilter/nf_conntrack_common.h | 8 +++--- include/net/netfilter/nf_conntrack.h | 6 ++--- include/net/netfilter/nf_flow_table.h | 5 ++++ net/core/dev.c | 4 +++ net/netfilter/nf_conntrack_core.c | 39 +++++++++++++-------------- net/netfilter/nf_conntrack_expect.c | 4 +-- net/netfilter/nf_conntrack_netlink.c | 8 +++--- net/netfilter/nf_conntrack_standalone.c | 4 +-- net/netfilter/nf_flow_table_core.c | 38 ++++++++++++++++---------- net/netfilter/nf_flow_table_offload.c | 8 ++++++ net/netfilter/nf_synproxy_core.c | 1 - net/netfilter/nft_ct.c | 4 +-- net/netfilter/xt_CT.c | 3 +-- net/openvswitch/conntrack.c | 1 - net/sched/act_ct.c | 1 - 15 files changed, 77 insertions(+), 57 deletions(-)