On 2021-02-03 2:50 PM, Florian Westphal wrote:
Roi Dayan wrote:
Do you think rhashtable_insert_fast() in flow_offload_add() blocks for
dozens of seconds?
I'm not sure. but its not only that but also the time to be in
established state as only then we offload.
That makes it even more weir
Roi Dayan wrote:
> > Do you think rhashtable_insert_fast() in flow_offload_add() blocks for
> > dozens of seconds?
>
> I'm not sure. but its not only that but also the time to be in
> established state as only then we offload.
That makes it even more weird. Timeout for established is even large
On 2021-02-01 5:25 PM, Florian Westphal wrote:
Roi Dayan wrote:
TCP initial timeout is one minute, UDP 30 seconds.
That should surely be enough to do flow_offload_add (which extends
the timeout)?
Yes, flow_offload_add() extends the timeout. but it needs to finish.
Maybe something is doi
Roi Dayan wrote:
> > TCP initial timeout is one minute, UDP 30 seconds.
> > That should surely be enough to do flow_offload_add (which extends
> > the timeout)?
>
> Yes, flow_offload_add() extends the timeout. but it needs to finish.
>
> >
> > Maybe something is doing flow_offload_add() for unc
On 2021-02-01 1:50 PM, Florian Westphal wrote:
Roi Dayan wrote:
There is a 3rd caller nf_ct_gc_expired() which being called by 3
other callers:
nf_conntrack_find()
nf_conntrack_tuple_taken()
early_drop_list()
Hm. I'm not sure yet what path is triggering this bug.
Florian came up with
Roi Dayan wrote:
> > > There is a 3rd caller nf_ct_gc_expired() which being called by 3
> > > other callers:
> > > nf_conntrack_find()
> > > nf_conntrack_tuple_taken()
> > > early_drop_list()
> >
> > Hm. I'm not sure yet what path is triggering this bug.
> >
> > Florian came up with the idea
On 2021-02-01 5:08 AM, Pablo Neira Ayuso wrote:
Hi Roi,
On Sun, Jan 31, 2021 at 03:18:34PM +0200, Roi Dayan wrote:
[...]
Hi Pablo,
We did more tests with just updating the timeout in the 2 callers
and it's not enough. We reproduce the issue of rules being timed
out just now frim different p
Hi Roi,
On Sun, Jan 31, 2021 at 03:18:34PM +0200, Roi Dayan wrote:
[...]
> Hi Pablo,
>
> We did more tests with just updating the timeout in the 2 callers
> and it's not enough. We reproduce the issue of rules being timed
> out just now frim different place.
Thanks for giving it a try to my sugg
On 2021-01-31 12:01 PM, Roi Dayan wrote:
On 2021-01-30 2:01 PM, Pablo Neira Ayuso wrote:
Hi Roi,
On Thu, Jan 28, 2021 at 09:40:52AM +0200, Roi Dayan wrote:
Currently, offloaded flows might be deleted when executing conntrack -L
or cat /proc/net/nf_conntrack while rules being offloaded.
Ct
Hi Roi,
On Thu, Jan 28, 2021 at 09:40:52AM +0200, Roi Dayan wrote:
> Currently, offloaded flows might be deleted when executing conntrack -L
> or cat /proc/net/nf_conntrack while rules being offloaded.
> Ct timeout is not maintained for offloaded flows as aging
> of offloaded flows are managed by
Currently, offloaded flows might be deleted when executing conntrack -L
or cat /proc/net/nf_conntrack while rules being offloaded.
Ct timeout is not maintained for offloaded flows as aging
of offloaded flows are managed by the flow table offload infrastructure.
Don't do garbage collection for offl
11 matches
Mail list logo
