* [PATCH net 0/1] Netfilter fixes for net
@ 2025-02-13 10:05 Pablo Neira Ayuso
2025-02-13 10:05 ` [PATCH net 1/1] Revert "netfilter: flowtable: teardown flow if cached mtu is stale" Pablo Neira Ayuso
0 siblings, 1 reply; 3+ messages in thread
From: Pablo Neira Ayuso @ 2025-02-13 10:05 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev, kuba, pabeni, edumazet, fw, horms
Hi,
The following batch contains one revert for:
1) Revert flowtable entry teardown cycle when skbuff exceeds mtu to
deal with DF flag unset scenarios. This is reverts a patch coming
in the previous merge window (available in 6.14-rc releases).
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git nf-25-02-13
Thanks.
----------------------------------------------------------------
The following changes since commit e589adf5b70c07b1ab974d077046fdbf583b2f36:
iavf: Fix a locking bug in an error path (2025-02-11 18:02:04 -0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-25-02-13
for you to fetch changes up to cf56aa8dd26328a9af4ffe7fb0bd8fcfa9407112:
Revert "netfilter: flowtable: teardown flow if cached mtu is stale" (2025-02-12 10:35:20 +0100)
----------------------------------------------------------------
netfilter pull request 25-02-13
----------------------------------------------------------------
Pablo Neira Ayuso (1):
Revert "netfilter: flowtable: teardown flow if cached mtu is stale"
net/netfilter/nf_flow_table_ip.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
^ permalink raw reply [flat|nested] 3+ messages in thread* [PATCH net 1/1] Revert "netfilter: flowtable: teardown flow if cached mtu is stale" 2025-02-13 10:05 [PATCH net 0/1] Netfilter fixes for net Pablo Neira Ayuso @ 2025-02-13 10:05 ` Pablo Neira Ayuso 2025-02-13 17:50 ` patchwork-bot+netdevbpf 0 siblings, 1 reply; 3+ messages in thread From: Pablo Neira Ayuso @ 2025-02-13 10:05 UTC (permalink / raw) To: netfilter-devel; +Cc: davem, netdev, kuba, pabeni, edumazet, fw, horms This reverts commit b8baac3b9c5cc4b261454ff87d75ae8306016ffd. IPv4 packets with no DF flag set on result in frequent flow entry teardown cycles, this is visible in the network topology that is used in the nft_flowtable.sh test. nft_flowtable.sh test ocassionally fails reporting that the dscp_fwd test sees no packets going through the flowtable path. Fixes: b8baac3b9c5c ("netfilter: flowtable: teardown flow if cached mtu is stale") Reported-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- net/netfilter/nf_flow_table_ip.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c index 97c6eb8847a0..8cd4cf7ae211 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -381,10 +381,8 @@ static int nf_flow_offload_forward(struct nf_flowtable_ctx *ctx, flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]); mtu = flow->tuplehash[dir].tuple.mtu + ctx->offset; - if (unlikely(nf_flow_exceeds_mtu(skb, mtu))) { - flow_offload_teardown(flow); + if (unlikely(nf_flow_exceeds_mtu(skb, mtu))) return 0; - } iph = (struct iphdr *)(skb_network_header(skb) + ctx->offset); thoff = (iph->ihl * 4) + ctx->offset; @@ -662,10 +660,8 @@ static int nf_flow_offload_ipv6_forward(struct nf_flowtable_ctx *ctx, flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]); mtu = flow->tuplehash[dir].tuple.mtu + ctx->offset; - if (unlikely(nf_flow_exceeds_mtu(skb, mtu))) { - flow_offload_teardown(flow); + if (unlikely(nf_flow_exceeds_mtu(skb, mtu))) return 0; - } ip6h = (struct ipv6hdr *)(skb_network_header(skb) + ctx->offset); thoff = sizeof(*ip6h) + ctx->offset; -- 2.30.2 ^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH net 1/1] Revert "netfilter: flowtable: teardown flow if cached mtu is stale" 2025-02-13 10:05 ` [PATCH net 1/1] Revert "netfilter: flowtable: teardown flow if cached mtu is stale" Pablo Neira Ayuso @ 2025-02-13 17:50 ` patchwork-bot+netdevbpf 0 siblings, 0 replies; 3+ messages in thread From: patchwork-bot+netdevbpf @ 2025-02-13 17:50 UTC (permalink / raw) To: Pablo Neira Ayuso Cc: netfilter-devel, davem, netdev, kuba, pabeni, edumazet, fw, horms Hello: This patch was applied to netdev/net.git (main) by Pablo Neira Ayuso <pablo@netfilter.org>: On Thu, 13 Feb 2025 11:05:02 +0100 you wrote: > This reverts commit b8baac3b9c5cc4b261454ff87d75ae8306016ffd. > > IPv4 packets with no DF flag set on result in frequent flow entry > teardown cycles, this is visible in the network topology that is used in > the nft_flowtable.sh test. > > nft_flowtable.sh test ocassionally fails reporting that the dscp_fwd > test sees no packets going through the flowtable path. > > [...] Here is the summary with links: - [net,1/1] Revert "netfilter: flowtable: teardown flow if cached mtu is stale" https://git.kernel.org/netdev/net/c/cf56aa8dd263 You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-02-13 17:50 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2025-02-13 10:05 [PATCH net 0/1] Netfilter fixes for net Pablo Neira Ayuso 2025-02-13 10:05 ` [PATCH net 1/1] Revert "netfilter: flowtable: teardown flow if cached mtu is stale" Pablo Neira Ayuso 2025-02-13 17:50 ` patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).