28 lines
885 B
Diff
28 lines
885 B
Diff
From: Felix Fietkau <nbd@nbd.name>
|
|
Date: Fri, 6 May 2022 12:37:23 +0200
|
|
Subject: [PATCH] netfilter: flowtable: fix excessive hw offload attempts
|
|
after failure
|
|
|
|
If a flow cannot be offloaded, the code currently repeatedly tries again as
|
|
quickly as possible, which can significantly increase system load.
|
|
Fix this by limiting flow timeout update and hardware offload retry to once
|
|
per second.
|
|
|
|
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
---
|
|
|
|
--- a/net/netfilter/nf_flow_table_core.c
|
|
+++ b/net/netfilter/nf_flow_table_core.c
|
|
@@ -329,8 +329,10 @@ void flow_offload_refresh(struct nf_flow
|
|
u32 timeout;
|
|
|
|
timeout = nf_flowtable_time_stamp + flow_offload_get_timeout(flow);
|
|
- if (READ_ONCE(flow->timeout) != timeout)
|
|
+ if (timeout - READ_ONCE(flow->timeout) > HZ)
|
|
WRITE_ONCE(flow->timeout, timeout);
|
|
+ else
|
|
+ return;
|
|
|
|
if (likely(!nf_flowtable_hw_offload(flow_table)))
|
|
return;
|