On Thu, Jun 03, 2021 at 03:12:32PM +0300, Oz Shlomo wrote: > TCP and UDP connections may be offloaded from nf conntrack to nf flow table. > Offloaded connections are aged after 30 seconds of inactivity. > Once aged, ownership is returned to conntrack with a hard coded tcp/udp > pickup time of 120/30 seconds, after which the connection may be deleted. > > The current hard-coded pickup intervals may introduce a very aggressive > aging policy. For example, offloaded tcp connections in established state > will timeout from nf conntrack after just 150 seconds of inactivity, > instead of 5 days. In addition, the hard-coded 30 second offload timeout > period can significantly increase the hardware insertion rate requirements > in some use cases. > > This patchset provides the user with the ability to configure protocol > specific offload timeout and pickup intervals via sysctl. > The first and second patches introduce the sysctl configuration for > tcp and udp protocols. The last patch modifies nf flow table aging > mechanisms to use the configured time intervals. Series applied, thanks.
