Re: [PATCH nf] netfilter: conntrack: remove offload_pickup sysctl again

Oz Shlomo <ozsh@xxxxxxxxxx> wrote:
> > When flow transitions back from offload to software, also clear the
> > ASSURED bit -- this allows conntrack to early-expire the entry in case
> > the table is full.
> 
> Doesn't this introduce a discrepancy between offloaded and non-offload connections?
> IIUC, offloaded connections might timeout earlier after they are picked up
> by the software when the conntrack table is full.

Yes, if no packet was seen after the flow got moved back to software and
a new connection request is made while table is full.

> However, if the same tcp connection was not offloaded it would timeout after 5 days.

Yes.  The problem is that AFAIU HW may move flow back to SW path after
it saw e.g. FIN bit, or after one side went silent (i.e., unacked data).

And in that case, SW path has a lot smaller timeout than the 5-day
established value.

AFAICS there is no way to detect this on generic side and it might even
be different depending on hw/driver?


