Re: [PATCH] Periodically flow expire from flow offload tables

From: Pablo Neira Ayuso
Date: Tue Oct 25 2022 - 07:05:30 EST

Next message: Alex Shi: "Re: [PATCH v2 1/2] Documentation: Start translations to Spanish"
Previous message: Rahul Tanwar: "[PATCH 1/1] clk: mxl: Fix smatch static checker warning"
Next in thread: Michael Lilja: "Re: [PATCH] Periodically flow expire from flow offload tables"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

On Sun, Oct 23, 2022 at 07:16:58PM +0200, Michael Lilja wrote:
> When a flow is added to a flow table for offload SW/HW-offload
> the user has no means of controlling the flow once it has
> been offloaded. If a number of firewall rules has been made using
> time schedules then these rules doesn't apply for the already
> offloaded flows. Adding new firewall rules also doesn't affect
> already offloaded flows.
>
> This patch handle flow table retirement giving the user the option
> to at least periodically get the flow back into control of the
> firewall rules so already offloaded flows can be dropped or be
> pushed back to flow offload tables.
>
> The flow retirement is disabled by default and can be set in seconds
> using sysctl -w net.netfilter.nf_flowtable_retire

How does your ruleset look like? Could you detail your usecase?

Thanks.

Next message: Alex Shi: "Re: [PATCH v2 1/2] Documentation: Start translations to Spanish"
Previous message: Rahul Tanwar: "[PATCH 1/1] clk: mxl: Fix smatch static checker warning"
Next in thread: Michael Lilja: "Re: [PATCH] Periodically flow expire from flow offload tables"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]