From patchwork Tue Jul 28 11:57:58 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Roi Dayan <roid@mellanox.com>
X-Patchwork-Id: 1337760
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org
 (client-ip=23.128.96.18; helo=vger.kernel.org;
 envelope-from=netdev-owner@vger.kernel.org; receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
 dmarc=fail (p=none dis=none) header.from=mellanox.com
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by ozlabs.org (Postfix) with ESMTP id 4BGFYl3hdMz9sSt
	for <patchwork-incoming-netdev@ozlabs.org>;
 Tue, 28 Jul 2020 21:58:19 +1000 (AEST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729272AbgG1L6O (ORCPT
        <rfc822;patchwork-incoming-netdev@ozlabs.org>);
        Tue, 28 Jul 2020 07:58:14 -0400
Received: from mail-il-dmz.mellanox.com ([193.47.165.129]:36501 "EHLO
        mellanox.co.il" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org
        with ESMTP id S1729208AbgG1L6O (ORCPT
        <rfc822;netdev@vger.kernel.org>); Tue, 28 Jul 2020 07:58:14 -0400
Received: from Internal Mail-Server by MTLPINE1 (envelope-from
 roid@mellanox.com)
        with SMTP; 28 Jul 2020 14:58:10 +0300
Received: from dev-r-vrt-138.mtr.labs.mlnx (dev-r-vrt-138.mtr.labs.mlnx
 [10.212.138.1])
        by labmailer.mlnx (8.13.8/8.13.8) with ESMTP id 06SBw9Qs028102;
        Tue, 28 Jul 2020 14:58:09 +0300
From: Roi Dayan <roid@mellanox.com>
To: netdev@vger.kernel.org
Cc: pablo@netfilter.org, Paul Blakey <paulb@mellanox.com>,
        Oz Shlomo <ozsh@mellanox.com>, Roi Dayan <roid@mellanox.com>
Subject: [PATCH net 1/2] netfilter: conntrack: Move nf_ct_offload_timeout to
 header file
Date: Tue, 28 Jul 2020 14:57:58 +0300
Message-Id: <20200728115759.426667-2-roid@mellanox.com>
X-Mailer: git-send-email 2.8.4
In-Reply-To: <20200728115759.426667-1-roid@mellanox.com>
References: <20200728115759.426667-1-roid@mellanox.com>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

To be used by callers from other modules.

Signed-off-by: Roi Dayan <roid@mellanox.com>
Reviewed-by: Oz Shlomo <ozsh@mellanox.com>
---
 include/net/netfilter/nf_conntrack.h | 12 ++++++++++++
 net/netfilter/nf_conntrack_core.c    | 12 ------------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index 90690e37a56f..8481819ff632 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -279,6 +279,18 @@ static inline bool nf_ct_should_gc(const struct nf_conn *ct)
 	       !nf_ct_is_dying(ct);
 }
 
+#define	DAY	(86400 * HZ)
+
+/* Set an arbitrary timeout large enough not to ever expire, this save
+ * us a check for the IPS_OFFLOAD_BIT from the packet path via
+ * nf_ct_is_expired().
+ */
+static inline void nf_ct_offload_timeout(struct nf_conn *ct)
+{
+	if (nf_ct_expires(ct) < DAY / 2)
+		ct->timeout = nfct_time_stamp + DAY;
+}
+
 struct kernel_param;
 
 int nf_conntrack_set_hashsize(const char *val, const struct kernel_param *kp);
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 79cd9dde457b..947c6d9437c3 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1344,18 +1344,6 @@ static bool gc_worker_can_early_drop(const struct nf_conn *ct)
 	return false;
 }
 
-#define	DAY	(86400 * HZ)
-
-/* Set an arbitrary timeout large enough not to ever expire, this save
- * us a check for the IPS_OFFLOAD_BIT from the packet path via
- * nf_ct_is_expired().
- */
-static void nf_ct_offload_timeout(struct nf_conn *ct)
-{
-	if (nf_ct_expires(ct) < DAY / 2)
-		ct->timeout = nfct_time_stamp + DAY;
-}
-
 static void gc_worker(struct work_struct *work)
 {
 	unsigned int min_interval = max(HZ / GC_MAX_BUCKETS_DIV, 1u);

From patchwork Tue Jul 28 11:57:59 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Roi Dayan <roid@mellanox.com>
X-Patchwork-Id: 1337759
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org
 (client-ip=23.128.96.18; helo=vger.kernel.org;
 envelope-from=netdev-owner@vger.kernel.org; receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
 dmarc=fail (p=none dis=none) header.from=mellanox.com
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by ozlabs.org (Postfix) with ESMTP id 4BGFYk1r9Fz9sT6
	for <patchwork-incoming-netdev@ozlabs.org>;
 Tue, 28 Jul 2020 21:58:18 +1000 (AEST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729276AbgG1L6P (ORCPT
        <rfc822;patchwork-incoming-netdev@ozlabs.org>);
        Tue, 28 Jul 2020 07:58:15 -0400
Received: from mail-il-dmz.mellanox.com ([193.47.165.129]:36502 "EHLO
        mellanox.co.il" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org
        with ESMTP id S1729257AbgG1L6O (ORCPT
        <rfc822;netdev@vger.kernel.org>); Tue, 28 Jul 2020 07:58:14 -0400
Received: from Internal Mail-Server by MTLPINE1 (envelope-from
 roid@mellanox.com)
        with SMTP; 28 Jul 2020 14:58:10 +0300
Received: from dev-r-vrt-138.mtr.labs.mlnx (dev-r-vrt-138.mtr.labs.mlnx
 [10.212.138.1])
        by labmailer.mlnx (8.13.8/8.13.8) with ESMTP id 06SBw9Qt028102;
        Tue, 28 Jul 2020 14:58:10 +0300
From: Roi Dayan <roid@mellanox.com>
To: netdev@vger.kernel.org
Cc: pablo@netfilter.org, Paul Blakey <paulb@mellanox.com>,
        Oz Shlomo <ozsh@mellanox.com>, Roi Dayan <roid@mellanox.com>
Subject: [PATCH net 2/2] net/sched: act_ct: Set offload timeout when setting
 the offload bit
Date: Tue, 28 Jul 2020 14:57:59 +0300
Message-Id: <20200728115759.426667-3-roid@mellanox.com>
X-Mailer: git-send-email 2.8.4
In-Reply-To: <20200728115759.426667-1-roid@mellanox.com>
References: <20200728115759.426667-1-roid@mellanox.com>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

On heavily loaded systems the GC can take time to go over all existing
conns and reset their timeout. At that time other calls like from
nf_conntrack_in() can call of nf_ct_is_expired() and see the conn as
expired. To fix this when we set the offload bit we should also reset
the timeout instead of counting on GC to finish first iteration over
all conns before the initial timeout.

Fixes: 64ff70b80fd4 ("net/sched: act_ct: Offload established connections to flow table")
Signed-off-by: Roi Dayan <roid@mellanox.com>
Reviewed-by: Oz Shlomo <ozsh@mellanox.com>
---
 net/sched/act_ct.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
index e9f3576cbf71..650c2d78a346 100644
--- a/net/sched/act_ct.c
+++ b/net/sched/act_ct.c
@@ -366,6 +366,8 @@ static void tcf_ct_flow_table_add(struct tcf_ct_flow_table *ct_ft,
 	if (err)
 		goto err_add;
 
+	nf_ct_offload_timeout(ct);
+
 	return;
 
 err_add: