From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Oz Shlomo <ozsh@nvidia.com>
Cc: Paul Blakey <paulb@nvidia.com>,
netfilter-devel@vger.kernel.org,
Saeed Mahameed <saeedm@nvidia.com>
Subject: Re: [PATCH nf-next 0/3] Control nf flow table timeouts
Date: Mon, 7 Jun 2021 14:16:09 +0200
Message-ID: <20210607121609.GA7908@salvia>
In-Reply-To: <20210603121235.13804-1-ozsh@nvidia.com>

On Thu, Jun 03, 2021 at 03:12:32PM +0300, Oz Shlomo wrote:
> TCP and UDP connections may be offloaded from nf conntrack to nf flow table.
> Offloaded connections are aged after 30 seconds of inactivity.
> Once aged, ownership is returned to conntrack with a hard coded tcp/udp
> pickup time of 120/30 seconds, after which the connection may be deleted.
>
> The current hard-coded pickup intervals may introduce a very aggressive
> aging policy. For example, offloaded tcp connections in established state
> will time out from nf conntrack after just 150 seconds of inactivity,
> instead of 5 days. In addition, the hard-coded 30 second offload timeout
> period can significantly increase the hardware insertion rate requirements
> in some use cases.
>
> This patchset provides the user with the ability to configure protocol
> specific offload timeout and pickup intervals via sysctl.
> The first and second patches introduce the sysctl configuration for
> tcp and udp protocols. The last patch modifies nf flow table aging
> mechanisms to use the configured time intervals.

Series applied, thanks.