From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH nf-next,v2 4/9] netfilter: flowtable: remove dying bit, use teardown bit instead
Date: Mon, 13 Jan 2020 19:15:49 +0100 [thread overview]
Message-ID: <20200113181554.52612-4-pablo@netfilter.org> (raw)
In-Reply-To: <20200113181554.52612-1-pablo@netfilter.org>
The dying bit removes the conntrack entry if the netdev that owns this
flow is going down. Instead, use the teardown mechanism to push back the
flow to conntrack to let the classic software path decide what to do
with it.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
v2: rebase on top of nf-next.
include/net/netfilter/nf_flow_table.h | 5 -----
net/netfilter/nf_flow_table_core.c | 8 +++-----
2 files changed, 3 insertions(+), 10 deletions(-)
diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h
index 415b8f49d150..4ad924d5f983 100644
--- a/include/net/netfilter/nf_flow_table.h
+++ b/include/net/netfilter/nf_flow_table.h
@@ -85,7 +85,6 @@ struct flow_offload_tuple_rhash {
#define FLOW_OFFLOAD_SNAT 0x1
#define FLOW_OFFLOAD_DNAT 0x2
-#define FLOW_OFFLOAD_DYING 0x4
#define FLOW_OFFLOAD_TEARDOWN 0x8
#define FLOW_OFFLOAD_HW 0x10
#define FLOW_OFFLOAD_HW_DYING 0x20
@@ -134,10 +133,6 @@ int nf_flow_table_init(struct nf_flowtable *flow_table);
void nf_flow_table_free(struct nf_flowtable *flow_table);
void flow_offload_teardown(struct flow_offload *flow);
-static inline void flow_offload_dead(struct flow_offload *flow)
-{
- flow->flags |= FLOW_OFFLOAD_DYING;
-}
int nf_flow_snat_port(const struct flow_offload *flow,
struct sk_buff *skb, unsigned int thoff,
diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c
index 9e6de2bbeccb..a9ed93a9e007 100644
--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -182,8 +182,6 @@ void flow_offload_free(struct flow_offload *flow)
default:
break;
}
- if (flow->flags & FLOW_OFFLOAD_DYING)
- nf_ct_delete(flow->ct, 0, 0);
nf_ct_put(flow->ct);
kfree_rcu(flow, rcu_head);
}
@@ -300,7 +298,7 @@ flow_offload_lookup(struct nf_flowtable *flow_table,
dir = tuplehash->tuple.dir;
flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]);
- if (flow->flags & (FLOW_OFFLOAD_DYING | FLOW_OFFLOAD_TEARDOWN))
+ if (flow->flags & FLOW_OFFLOAD_TEARDOWN)
return NULL;
if (unlikely(nf_ct_is_dying(flow->ct)))
@@ -349,7 +347,7 @@ static void nf_flow_offload_gc_step(struct flow_offload *flow, void *data)
struct nf_flowtable *flow_table = data;
if (nf_flow_has_expired(flow) || nf_ct_is_dying(flow->ct) ||
- (flow->flags & (FLOW_OFFLOAD_DYING | FLOW_OFFLOAD_TEARDOWN))) {
+ (flow->flags & FLOW_OFFLOAD_TEARDOWN)) {
if (flow->flags & FLOW_OFFLOAD_HW) {
if (!(flow->flags & FLOW_OFFLOAD_HW_DYING))
nf_flow_offload_del(flow_table, flow);
@@ -523,7 +521,7 @@ static void nf_flow_table_do_cleanup(struct flow_offload *flow, void *data)
if (net_eq(nf_ct_net(flow->ct), dev_net(dev)) &&
(flow->tuplehash[0].tuple.iifidx == dev->ifindex ||
flow->tuplehash[1].tuple.iifidx == dev->ifindex))
- flow_offload_dead(flow);
+ flow_offload_teardown(flow);
}
static void nf_flow_table_iterate_cleanup(struct nf_flowtable *flowtable,
--
2.11.0
next prev parent reply other threads:[~2020-01-13 18:16 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-13 18:15 [PATCH nf-next,v3 1/9] netfilter: flowtable: fetch stats only if flow is still alive Pablo Neira Ayuso
2020-01-13 18:15 ` [PATCH nf-next,v2 2/9] netfilter: flowtable: restrict flow dissector match on meta ingress device Pablo Neira Ayuso
2020-01-13 18:15 ` [PATCH nf-next,v2 3/9] netfilter: flowtable: add nf_flow_offload_work_alloc() Pablo Neira Ayuso
2020-01-13 18:15 ` Pablo Neira Ayuso [this message]
2020-01-13 18:15 ` [PATCH nf-next,v2 5/9] netfilter: flowtable: use atomic bitwise operations for flow flags Pablo Neira Ayuso
2020-01-13 18:15 ` [PATCH nf-next 6/9] netfilter: flowtable: add nf_flowtable_hw_offload() helper function Pablo Neira Ayuso
2020-01-13 18:15 ` [PATCH nf-next,v2 7/9] netfilter: flowtable: refresh flow if hardware offload fails Pablo Neira Ayuso
2020-01-13 18:15 ` [PATCH nf-next 8/9] netfilter: flowtable: add flow_offload_tuple() helper Pablo Neira Ayuso
2020-01-14 5:58 ` wenxu
2020-01-13 18:15 ` [PATCH nf-next 9/9] netfilter: flowtable: add nf_flow_table_offload_cmd() Pablo Neira Ayuso
2020-01-14 5:45 ` wenxu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200113181554.52612-4-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).