From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org, kuba@kernel.org,
pabeni@redhat.com
Subject: [PATCH net 0/7] Netfilter fixes for net
Date: Wed, 18 May 2022 23:38:34 +0200 [thread overview]
Message-ID: <20220518213841.359653-1-pablo@netfilter.org> (raw)
Hi,
This patchset contains Netfilter fixes for net:
1) Reduce number of hardware offload retries from flowtable datapath
which might hog system with retries, from Felix Fietkau.
2) Skip neighbour lookup for PPPoE device, fill_forward_path() already
provides this and set on destination address from fill_forward_path for
PPPoE device, also from Felix.
4) When combining PPPoE on top of a VLAN device, set info->outdev to the
PPPoE device so software offload works, from Felix.
5) Fix TCP teardown flowtable state, races with conntrack gc might result
in resetting the state to ESTABLISHED and the time to one day. Joint
work with Oz Shlomo and Sven Auhagen.
6) Call dst_check() from flowtable datapath to check if dst is stale
instead of doing it from garbage collector path.
7) Disable register tracking infrastructure, either user-space or
kernel need to pre-fetch keys inconditionally, otherwise register
tracking assumes data is already available in register that might
not well be there, leading to incorrect reductions.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git
Thanks.
----------------------------------------------------------------
The following changes since commit f3f19f939c11925dadd3f4776f99f8c278a7017b:
Merge tag 'net-5.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net (2022-05-12 11:51:45 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git HEAD
for you to fetch changes up to 9e539c5b6d9c5b996e45105921ee9dd955c0f535:
netfilter: nf_tables: disable expression reduction infra (2022-05-18 17:34:26 +0200)
----------------------------------------------------------------
Felix Fietkau (4):
netfilter: flowtable: fix excessive hw offload attempts after failure
netfilter: nft_flow_offload: skip dst neigh lookup for ppp devices
net: fix dev_fill_forward_path with pppoe + bridge
netfilter: nft_flow_offload: fix offload with pppoe + vlan
Pablo Neira Ayuso (2):
netfilter: flowtable: fix TCP flow teardown
netfilter: nf_tables: disable expression reduction infra
Ritaro Takenaka (1):
netfilter: flowtable: move dst_check to packet path
drivers/net/ppp/pppoe.c | 1 +
include/linux/netdevice.h | 2 +-
net/core/dev.c | 2 +-
net/netfilter/nf_flow_table_core.c | 60 +++++++-------------------------------
net/netfilter/nf_flow_table_ip.c | 19 ++++++++++++
net/netfilter/nf_tables_api.c | 11 +------
net/netfilter/nft_flow_offload.c | 28 +++++++++++-------
7 files changed, 51 insertions(+), 72 deletions(-)
next reply other threads:[~2022-05-18 21:41 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-18 21:38 Pablo Neira Ayuso [this message]
2022-05-18 21:38 ` [PATCH net 1/7] netfilter: flowtable: fix excessive hw offload attempts after failure Pablo Neira Ayuso
2022-05-19 4:40 ` patchwork-bot+netdevbpf
2022-05-18 21:38 ` [PATCH net 2/7] netfilter: nft_flow_offload: skip dst neigh lookup for ppp devices Pablo Neira Ayuso
2022-05-18 21:38 ` [PATCH net 3/7] net: fix dev_fill_forward_path with pppoe + bridge Pablo Neira Ayuso
2022-05-18 21:38 ` [PATCH net 4/7] netfilter: nft_flow_offload: fix offload with pppoe + vlan Pablo Neira Ayuso
2022-05-18 21:38 ` [PATCH net 5/7] netfilter: flowtable: fix TCP flow teardown Pablo Neira Ayuso
2022-05-18 21:38 ` [PATCH net 6/7] netfilter: flowtable: move dst_check to packet path Pablo Neira Ayuso
2022-05-18 21:38 ` [PATCH net 7/7] netfilter: nf_tables: disable expression reduction infra Pablo Neira Ayuso
-- strict thread matches above, loose matches on Subject: below --
2024-04-11 11:28 [PATCH net 0/7] Netfilter fixes for net Pablo Neira Ayuso
2024-04-11 11:39 ` Paolo Abeni
2024-04-11 11:42 ` Pablo Neira Ayuso
2024-04-11 11:58 ` Paolo Abeni
2024-04-11 15:30 ` Pablo Neira Ayuso
2023-01-02 16:40 Pablo Neira Ayuso
2022-06-06 21:20 Pablo Neira Ayuso
2021-12-09 0:08 Pablo Neira Ayuso
2021-04-12 22:30 Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220518213841.359653-1-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.