diff options
author | Paul Blakey <paulb@mellanox.com> | 2020-03-12 13:23:08 +0300 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2020-03-13 01:00:39 +0300 |
commit | 8b3646d6e0c4ca4ba5615facaef1312d6d40d123 (patch) | |
tree | 7a9fce3f6028080e0375163d11604ef5f73203d1 /net/netfilter/nf_flow_table_core.c | |
parent | 30b0cf90c6dd82e7ebb3fcb5ba8447f1baeb80be (diff) | |
download | linux-8b3646d6e0c4ca4ba5615facaef1312d6d40d123.tar.xz |
net/sched: act_ct: Support refreshing the flow table entries
If driver deleted an FT entry, a FT failed to offload, or registered to the
flow table after flows were already added, we still get packets in
software.
For those packets, while restoring the ct state from the flow table
entry, refresh it's hardware offload.
Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netfilter/nf_flow_table_core.c')
-rw-r--r-- | net/netfilter/nf_flow_table_core.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c index 4af0327992cf..9a477bd563b7 100644 --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c @@ -252,6 +252,19 @@ int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow) } EXPORT_SYMBOL_GPL(flow_offload_add); +void flow_offload_refresh(struct nf_flowtable *flow_table, + struct flow_offload *flow) +{ + flow->timeout = nf_flowtable_time_stamp + NF_FLOW_TIMEOUT; + + if (likely(!nf_flowtable_hw_offload(flow_table) || + !test_and_clear_bit(NF_FLOW_HW_REFRESH, &flow->flags))) + return; + + nf_flow_offload_add(flow_table, flow); +} +EXPORT_SYMBOL_GPL(flow_offload_refresh); + static inline bool nf_flow_has_expired(const struct flow_offload *flow) { return nf_flow_timeout_delta(flow->timeout) <= 0; |