* [PATCH nf-next] docs: networking: Update connection tracking offload sysctl parameters
@ 2021-06-17  6:50 Oz Shlomo
  2021-06-18 22:00 ` Pablo Neira Ayuso
  2021-06-21 16:14 ` Arturo Borrero Gonzalez
  0 siblings, 2 replies; 5+ messages in thread
From: Oz Shlomo @ 2021-06-17  6:50 UTC (permalink / raw)
  To: Pablo Neira Ayuso
  Cc: Paul Blakey, netfilter-devel, Saeed Mahameed,
	Marcelo Ricardo Leitner, Oz Shlomo

Document the following connection offload configuration parameters:
- nf_flowtable_tcp_timeout
- nf_flowtable_tcp_pickup
- nf_flowtable_udp_timeout
- nf_flowtable_udp_pickup

Signed-off-by: Oz Shlomo <ozsh@nvidia.com>
---
 Documentation/networking/nf_conntrack-sysctl.rst | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/Documentation/networking/nf_conntrack-sysctl.rst b/Documentation/networking/nf_conntrack-sysctl.rst
index 11a9b76786cb..0467b30e4abe 100644
--- a/Documentation/networking/nf_conntrack-sysctl.rst
+++ b/Documentation/networking/nf_conntrack-sysctl.rst
@@ -177,3 +177,27 @@ nf_conntrack_gre_timeout_stream - INTEGER (seconds)
 
 	This extended timeout will be used in case there is an GRE stream
 	detected.
+
+nf_flowtable_tcp_timeout - INTEGER (seconds)
+        default 30
+
+        Control offload timeout for tcp connections.
+        TCP connections may be offloaded from nf conntrack to nf flow table.
+        Once aged, the connection is returned to nf conntrack with tcp pickup timeout.
+
+nf_flowtable_tcp_pickup - INTEGER (seconds)
+        default 120
+
+        TCP connection timeout after being aged from nf flow table offload.
+
+nf_flowtable_udp_timeout - INTEGER (seconds)
+        default 30
+
+        Control offload timeout for udp connections.
+        UDP connections may be offloaded from nf conntrack to nf flow table.
+        Once aged, the connection is returned to nf conntrack with udp pickup timeout.
+
+nf_flowtable_udp_pickup - INTEGER (seconds)
+        default 30
+
+        UDP connection timeout after being aged from nf flow table offload.
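Review bot: the nf_flowtable_tcp_pickup and nf_flowtable_udp_pickup entries are one sentence each and rely on the word "aged", which the hunk never defines. Please state in the nf_flowtable_tcp_timeout and nf_flowtable_udp_timeout entries what starts or resets the offload timeout, and in the pickup entries that the value becomes the conntrack entry's timeout once the flow is handed back, so a reader can predict the effect of changing either knob. Two style points in the same block: the new lines are indented with eight spaces while the unchanged context above ("This extended timeout will be used ...") uses a tab, and "tcp"/"udp" are lowercase in "Control offload timeout for tcp connections." and "with tcp pickup timeout" but uppercase in the sentences next to them.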
-- 
1.8.3.1



* Re: [PATCH nf-next] docs: networking: Update connection tracking offload sysctl parameters
  2021-06-17  6:50 [PATCH nf-next] docs: networking: Update connection tracking offload sysctl parameters Oz Shlomo
@ 2021-06-18 22:00 ` Pablo Neira Ayuso
  2021-06-21 16:14 ` Arturo Borrero Gonzalez
  1 sibling, 0 replies; 5+ messages in thread
From: Pablo Neira Ayuso @ 2021-06-18 22:00 UTC (permalink / raw)
  To: Oz Shlomo
  Cc: Paul Blakey, netfilter-devel, Saeed Mahameed, Marcelo Ricardo Leitner

On Thu, Jun 17, 2021 at 09:50:06AM +0300, Oz Shlomo wrote:
> Document the following connection offload configuration parameters:
> - nf_flowtable_tcp_timeout
> - nf_flowtable_tcp_pickup
> - nf_flowtable_udp_timeout
> - nf_flowtable_udp_pickup

Applied, thanks.


* Re: [PATCH nf-next] docs: networking: Update connection tracking offload sysctl parameters
  2021-06-17  6:50 [PATCH nf-next] docs: networking: Update connection tracking offload sysctl parameters Oz Shlomo
  2021-06-18 22:00 ` Pablo Neira Ayuso
@ 2021-06-21 16:14 ` Arturo Borrero Gonzalez
  2021-06-21 16:26   ` Pablo Neira Ayuso
  1 sibling, 1 reply; 5+ messages in thread
From: Arturo Borrero Gonzalez @ 2021-06-21 16:14 UTC (permalink / raw)
  To: Oz Shlomo, Pablo Neira Ayuso
  Cc: Paul Blakey, netfilter-devel, Saeed Mahameed, Marcelo Ricardo Leitner

On 6/17/21 8:50 AM, Oz Shlomo wrote:
> Document the following connection offload configuration parameters:
> - nf_flowtable_tcp_timeout
> - nf_flowtable_tcp_pickup
> - nf_flowtable_udp_timeout
> - nf_flowtable_udp_pickup
> 
> Signed-off-by: Oz Shlomo<ozsh@nvidia.com>

Sorry for the late feedback.

In my experience the kernel docs have rather poor documents for netfilter sysctl 
parameters. I often find myself reading the source code for a deeper 
understanding of what is going on.

The docs included in this patch are too short in my opinion, example:

+nf_flowtable_tcp_pickup - INTEGER (seconds)
+        default 120
+
+        TCP connection timeout after being aged from nf flow table offload.


Here, having an example of the sequence of events going on with the conntrack 
entry and how this sysctl key affects it would be great. Some explanation of the 
behavior that may be observed when tuning this value would be nice as well.

Given the patch was merged already, you can feel free to ignore this anyway :-)


* Re: [PATCH nf-next] docs: networking: Update connection tracking offload sysctl parameters
  2021-06-21 16:14 ` Arturo Borrero Gonzalez
@ 2021-06-21 16:26   ` Pablo Neira Ayuso
  2021-06-21 17:03     ` Arturo Borrero Gonzalez
  0 siblings, 1 reply; 5+ messages in thread
From: Pablo Neira Ayuso @ 2021-06-21 16:26 UTC (permalink / raw)
  To: Arturo Borrero Gonzalez
  Cc: Oz Shlomo, Paul Blakey, netfilter-devel, Saeed Mahameed,
	Marcelo Ricardo Leitner

On Mon, Jun 21, 2021 at 06:14:15PM +0200, Arturo Borrero Gonzalez wrote:
> On 6/17/21 8:50 AM, Oz Shlomo wrote:
> > Document the following connection offload configuration parameters:
> > - nf_flowtable_tcp_timeout
> > - nf_flowtable_tcp_pickup
> > - nf_flowtable_udp_timeout
> > - nf_flowtable_udp_pickup
> > 
> > Signed-off-by: Oz Shlomo<ozsh@nvidia.com>
> 
> Sorry for the late feedback.
> 
> In my experience the kernel docs have rather poor documents for netfilter
> sysctl parameters. I often find myself reading the source code for a deeper
> understanding of what is going on.
> 
> The docs included in this patch are too short in my opinion, example:
> 
> +nf_flowtable_tcp_pickup - INTEGER (seconds)
> +        default 120
> +
> +        TCP connection timeout after being aged from nf flow table offload.
> 
> 
> Here, having an example of the sequence of events going on with the
> conntrack entry and how this sysctl key affects it would be great. Some
> explanation of the behavior that may be observed when tuning this value
> would be nice as well.
> 
> Given the patch was merged already, you can feel free to ignore this anyway :-)

I think I can extend the flowtable documentation to include this
information:

https://www.kernel.org/doc/html/latest/networking/nf_flowtable.html

to refer to these new sysctl knobs too.

If you think something else in the big picture, please, let me know
I'll be glad to extend it.

Thanks!


* Re: [PATCH nf-next] docs: networking: Update connection tracking offload sysctl parameters
  2021-06-21 16:26   ` Pablo Neira Ayuso
@ 2021-06-21 17:03     ` Arturo Borrero Gonzalez
  0 siblings, 0 replies; 5+ messages in thread
From: Arturo Borrero Gonzalez @ 2021-06-21 17:03 UTC (permalink / raw)
  To: Pablo Neira Ayuso
  Cc: Oz Shlomo, Paul Blakey, netfilter-devel, Saeed Mahameed,
	Marcelo Ricardo Leitner

On 6/21/21 6:26 PM, Pablo Neira Ayuso wrote:
> 
> I think I can extend the flowtable documentation to include this
> information:
> 
> https://www.kernel.org/doc/html/latest/networking/nf_flowtable.html
> 
> to refer to these new sysctl knobs too.
> 

That would be cool :-)
