* [PATCH nf-next 1/1] netfilter: ctnetlink: Support offloaded conntrack entry deletion
@ 2023-03-22 7:35 Paul Blakey
2023-03-23 14:33 ` Simon Horman
2023-03-28 20:40 ` Pablo Neira Ayuso
0 siblings, 2 replies; 3+ messages in thread
From: Paul Blakey @ 2023-03-22 7:35 UTC (permalink / raw)
To: Paul Blakey, Pablo Neira Ayuso, Jozsef Kadlecsik,
Florian Westphal, netfilter-devel
Cc: Oz Shlomo, Roi Dayan, Vlad Buslov, Saeed Mahameed,
David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
coreteam, netdev, linux-kernel
Currently, offloaded conntrack entries (flows) can only be deleted
after they are removed from offload, which is either by timeout,
tcp state change or tc ct rule deletion. This can cause issues for
users wishing to manually delete or flush existing entries.
Support deletion of offloaded conntrack entries.
Example usage:
# Delete all offloaded (and non offloaded) conntrack entries
# whose source address is 1.2.3.4
$ conntrack -D -s 1.2.3.4
# Delete all entries
$ conntrack -F
Signed-off-by: Paul Blakey <paulb@nvidia.com>
---
net/netfilter/nf_conntrack_netlink.c | 8 --------
1 file changed, 8 deletions(-)
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index bfc3aaa2c872..fbc47e4b7bc3 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1554,9 +1554,6 @@ static const struct nla_policy ct_nla_policy[CTA_MAX+1] = {
static int ctnetlink_flush_iterate(struct nf_conn *ct, void *data)
{
- if (test_bit(IPS_OFFLOAD_BIT, &ct->status))
- return 0;
-
return ctnetlink_filter_match(ct, data);
}
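Review bot: With the IPS_OFFLOAD_BIT test dropped, ctnetlink_flush_iterate() now matches offloaded entries, but no comment says so and nothing here tells a reader what happens to the hardware flow afterwards. Add a short comment above the function stating that offloaded entries are included in a flush and that, as raised later in this thread, their removal from hardware is asynchronous. The body is also reduced to the single line `return ctnetlink_filter_match(ct, data);`, so consider whether the wrapper is still needed.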
@@ -1626,11 +1623,6 @@ static int ctnetlink_del_conntrack(struct sk_buff *skb,
ct = nf_ct_tuplehash_to_ctrack(h);
- if (test_bit(IPS_OFFLOAD_BIT, &ct->status)) {
- nf_ct_put(ct);
- return -EBUSY;
- }
-
if (cda[CTA_ID]) {
__be32 id = nla_get_be32(cda[CTA_ID]);
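Review bot: Removing the `return -EBUSY;` path after nf_ct_tuplehash_to_ctrack() changes what userspace sees for an offloaded entry, and the commit message does not mention it. Requests that previously got -EBUSY now continue to the CTA_ID check and the rest of the delete path; say so in the commit message, and state whether the hardware flow can still be forwarding when the delete request returns, since an operator who uses `conntrack -D` to cut a connection needs to know that. The diffstat is 8 deletions with no documentation or test change, so a follow-up covering deletion of an entry with IPS_OFFLOAD_BIT set would help.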
--
2.26.3
* Re: [PATCH nf-next 1/1] netfilter: ctnetlink: Support offloaded conntrack entry deletion
2023-03-22 7:35 [PATCH nf-next 1/1] netfilter: ctnetlink: Support offloaded conntrack entry deletion Paul Blakey
@ 2023-03-23 14:33 ` Simon Horman
2023-03-28 20:40 ` Pablo Neira Ayuso
1 sibling, 0 replies; 3+ messages in thread
From: Simon Horman @ 2023-03-23 14:33 UTC (permalink / raw)
To: Paul Blakey
Cc: Pablo Neira Ayuso, Jozsef Kadlecsik, Florian Westphal,
netfilter-devel, Oz Shlomo, Roi Dayan, Vlad Buslov,
Saeed Mahameed, David S. Miller, Eric Dumazet, Jakub Kicinski,
Paolo Abeni, coreteam, netdev, linux-kernel
On Wed, Mar 22, 2023 at 09:35:32AM +0200, Paul Blakey wrote:
> Currently, offloaded conntrack entries (flows) can only be deleted
> after they are removed from offload, which is either by timeout,
> tcp state change or tc ct rule deletion. This can cause issues for
> users wishing to manually delete or flush existing entries.
>
> Support deletion of offloaded conntrack entries.
>
> Example usage:
> # Delete all offloaded (and non offloaded) conntrack entries
> # whose source address is 1.2.3.4
> $ conntrack -D -s 1.2.3.4
> # Delete all entries
> $ conntrack -F
>
> Signed-off-by: Paul Blakey <paulb@nvidia.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
* Re: [PATCH nf-next 1/1] netfilter: ctnetlink: Support offloaded conntrack entry deletion
2023-03-22 7:35 [PATCH nf-next 1/1] netfilter: ctnetlink: Support offloaded conntrack entry deletion Paul Blakey
2023-03-23 14:33 ` Simon Horman
@ 2023-03-28 20:40 ` Pablo Neira Ayuso
1 sibling, 0 replies; 3+ messages in thread
From: Pablo Neira Ayuso @ 2023-03-28 20:40 UTC (permalink / raw)
To: Paul Blakey
Cc: Jozsef Kadlecsik, Florian Westphal, netfilter-devel, Oz Shlomo,
Roi Dayan, Vlad Buslov, Saeed Mahameed, David S. Miller,
Eric Dumazet, Jakub Kicinski, Paolo Abeni, coreteam, netdev,
linux-kernel
Hi Paul,
Apologies for lagging to catch up with this.
On Wed, Mar 22, 2023 at 09:35:32AM +0200, Paul Blakey wrote:
> Currently, offloaded conntrack entries (flows) can only be deleted
> after they are removed from offload, which is either by timeout,
> tcp state change or tc ct rule deletion. This can cause issues for
> users wishing to manually delete or flush existing entries.
>
> Support deletion of offloaded conntrack entries.
>
> Example usage:
> # Delete all offloaded (and non offloaded) conntrack entries
> # whose source address is 1.2.3.4
> $ conntrack -D -s 1.2.3.4
> # Delete all entries
> $ conntrack -F
This is fine with me.
I think probably it must be documented somewhere that in case of
hardware offload, deletion is asynchronous.