Fixes issues with connections hanging after >30 seconds idle time.
Changes since v2:
- Include the previous patch series
- Rebase to current nf.git
- Provide longer description for the teardown state and the changes
for passing flows back to the slow path
Changes since v1:
- Fix up connection tracking state earlier to improve processing of TCP
FIN/RST that trigger the bump to the slow path.
- Fix the value of ct->proto.tcp.state, reset the window values to force
the tcp window check to resync
- Add a checksum fix for DNAT
Felix Fietkau (5):
netfilter: nf_flow_table: make flow_offload_dead inline
netfilter: nf_flow_table: add a new flow state for tearing down
offloading
netfilter: nf_flow_table: in flow_offload_lookup, skip entries being
deleted
netfilter: nf_flow_table: add support for sending flows back to the
slow path
netfilter: nf_flow_table: tear down TCP flows if RST or FIN was seen
include/net/netfilter/nf_flow_table.h | 11 +++++-
net/netfilter/nf_flow_table_core.c | 74 +++++++++++++++++++++++++++--------
net/netfilter/nf_flow_table_ip.c | 30 ++++++++++++--
3 files changed, 94 insertions(+), 21 deletions(-)
--
2.14.2
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
