From patchwork Mon May 24 19:12:49 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Jurgens X-Patchwork-Id: 1482931 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Fpn0w2jy8z9sRN; Tue, 25 May 2021 05:13:04 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1llG0Z-0002zJ-N9; Mon, 24 May 2021 19:12:59 +0000 Received: from mail-il-dmz.mellanox.com ([193.47.165.129] helo=mellanox.co.il) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1llG0W-0002zD-Vw for kernel-team@lists.ubuntu.com; Mon, 24 May 2021 19:12:57 +0000 Received: from Internal Mail-Server by MTLPINE1 (envelope-from danielj@nvidia.com) with SMTP; 24 May 2021 22:12:51 +0300 Received: from sw-mtx-hparm-003.mtx.labs.mlnx. (sw-mtx-hparm-003.mtx.labs.mlnx [10.9.151.78]) by labmailer.mlnx (8.13.8/8.13.8) with ESMTP id 14OJConR008421; Mon, 24 May 2021 22:12:50 +0300 From: Daniel Jurgens To: kernel-team@lists.ubuntu.com Subject: [SRU][F:linux-bluefield][PATCH] UBUNTU: SAUCE: netfilter: conntrack: Check offload bit on table dump Date: Mon, 24 May 2021 22:12:49 +0300 Message-Id: <1621883569-33343-1-git-send-email-danielj@nvidia.com> X-Mailer: git-send-email 1.8.3.1 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: vlad@nvidia.com, danielj@nvidia.com, maord@nvidia.com MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Roi Dayan BugLink: https://bugs.launchpad.net/bugs/1929458 If the conntrack entry is owned by the flow table offload infrastructure then don't do garbage collect when dumping the entries. The entry offload timeout might not be updated as the flow timeout being updated. To reproduce the issue we can do conntrack -L or cat /proc/net/nf_conntrack while rules being offloaded. Sometimes rules will get deleted because ct timeout expired. So check the offload bit like gc_worker() as others loops does. This is not a final fix and still being investigated why ct initial timeout was not enough before offload path updated the ct timeout to a day. Fixes: 90964016e5d3 ("netfilter: nf_conntrack: add IPS_OFFLOAD status bit") Signed-off-by: Roi Dayan Signed-off-by: Daniel Jurgens Acked-by: Krzysztof Kozlowski Acked-by: Kleber Sacilotto de Souza --- include/net/netfilter/nf_conntrack.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h index c7bfddf..4f51b62 100644 --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h @@ -276,7 +276,7 @@ static inline bool nf_ct_is_expired(const struct nf_conn *ct) static inline bool nf_ct_should_gc(const struct nf_conn *ct) { return nf_ct_is_expired(ct) && nf_ct_is_confirmed(ct) && - !nf_ct_is_dying(ct); + !nf_ct_is_dying(ct) && !test_bit(IPS_OFFLOAD_BIT, &ct->status); } #define NF_CT_DAY (86400 * HZ)