From: Florian Westphal <fw@strlen.de>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org, netdev@vger.kernel.org,
f.fainelli@gmail.com, simon.horman@netronome.com,
ronye@mellanox.com, jiri@mellanox.com, nbd@nbd.name,
john@phrozen.org, kubakici@wp.pl, fw@strlen.de
Subject: Re: [PATCH nf-next RFC,v2 6/6] netfilter: nft_flow_offload: add ndo hooks for hardware offload
Date: Fri, 8 Dec 2017 11:18:36 +0100 [thread overview]
Message-ID: <20171208101836.GH24449@breakpoint.cc> (raw)
In-Reply-To: <20171207124501.24325-7-pablo@netfilter.org>
Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> The software flow table garbage collector skips entries that resides in
> the hardware, so the hardware will be responsible for releasing this
> flow table entry too via flow_offload_dead(). In the next garbage
> collector run, this removes the entries both in the software and
> hardware flow table from user context.
>
> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> ---
> @Florian: I still owe you one here, you mentioned about inmediate schedule
> of the workqueue thread, and I need to revisit this, the quick patch I made
> is hitting splats when calling queue_delayed_work() from packet path, this
> may be my fault though.
OK. IIRC I had suggested to just use schedule_work() instead.
In most cases (assuming system is busy) the workqueue will already be
pending anyway.
> diff --git a/net/netfilter/nf_flow_table.c b/net/netfilter/nf_flow_table.c
> index ff27dad268c3..c578c3aec0e0 100644
> --- a/net/netfilter/nf_flow_table.c
> +++ b/net/netfilter/nf_flow_table.c
> @@ -212,6 +212,21 @@ int nf_flow_table_iterate(struct nf_flowtable *flow_table,
> }
> EXPORT_SYMBOL_GPL(nf_flow_table_iterate);
>
> +static void flow_offload_hw_del(struct flow_offload *flow)
> +{
> + struct net_device *indev;
> + int ret, ifindex;
> +
> + rtnl_lock();
> + ifindex = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.iifidx;
> + indev = __dev_get_by_index(&init_net, ifindex);
I think this should pass struct net * as arg to flow_offload_hw_del.
> + if (WARN_ON(!indev))
> + return;
> +
> + ret = indev->netdev_ops->ndo_flow_offload(FLOW_OFFLOAD_DEL, flow);
> + rtnl_unlock();
> +}
Please no rtnl lock unless absolutely needed.
Seems this could even avoid the mutex completely by using
dev_get_by_index + dev_put.
> +static int do_flow_offload(struct flow_offload *flow)
> +{
> + struct net_device *indev;
> + int ret, ifindex;
> +
> + rtnl_lock();
> + ifindex = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.iifidx;
> + indev = __dev_get_by_index(&init_net, ifindex);
likewise.
> +#define FLOW_HW_WORK_TIMEOUT msecs_to_jiffies(100)
> +
> +static struct delayed_work nft_flow_offload_dwork;
I would go with struct work and no delay at all.
next prev parent reply other threads:[~2017-12-08 10:18 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-07 12:44 [PATCH nf-next RFC,v2 0/6] Flow offload infrastructure Pablo Neira Ayuso
2017-12-07 12:44 ` [PATCH nf-next RFC,v2 1/6] netfilter: nf_conntrack: add IPS_OFFLOAD status bit Pablo Neira Ayuso
2017-12-08 6:47 ` Florian Westphal
2017-12-08 21:00 ` Pablo Neira Ayuso
2017-12-07 12:44 ` [PATCH nf-next RFC,v2 2/6] netfilter: nf_tables: add flow table netlink frontend Pablo Neira Ayuso
2017-12-07 12:44 ` [PATCH nf-next RFC,v2 3/6] netfilter: add generic flow table infrastructure Pablo Neira Ayuso
2017-12-07 12:44 ` [PATCH nf-next RFC,v2 4/6] netfilter: flow table support for IPv4 Pablo Neira Ayuso
2017-12-08 10:04 ` Florian Westphal
2017-12-08 21:14 ` Pablo Neira Ayuso
2017-12-07 12:45 ` [PATCH nf-next RFC,v2 5/6] netfilter: nf_tables: flow offload expression Pablo Neira Ayuso
2017-12-07 12:45 ` [PATCH nf-next RFC,v2 6/6] netfilter: nft_flow_offload: add ndo hooks for hardware offload Pablo Neira Ayuso
2017-12-08 10:18 ` Florian Westphal [this message]
2017-12-08 21:16 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171208101836.GH24449@breakpoint.cc \
--to=fw@strlen.de \
--cc=f.fainelli@gmail.com \
--cc=jiri@mellanox.com \
--cc=john@phrozen.org \
--cc=kubakici@wp.pl \
--cc=nbd@nbd.name \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=ronye@mellanox.com \
--cc=simon.horman@netronome.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).