Hi,
This patchset contains Netfilter fixes for net:
1) Reduce number of hardware offload retries from flowtable datapath
which might hog system with retries, from Felix Fietkau.
2) Skip neighbour lookup for PPPoE device, fill_forward_path() already
provides this and set on destination address from fill_forward_path for
PPPoE device, also from Felix.
4) When combining PPPoE on top of a VLAN device, set info->outdev to the
PPPoE device so software offload works, from Felix.
5) Fix TCP teardown flowtable state, races with conntrack gc might result
in resetting the state to ESTABLISHED and the time to one day. Joint
work with Oz Shlomo and Sven Auhagen.
6) Call dst_check() from flowtable datapath to check if dst is stale
instead of doing it from garbage collector path.
7) Disable register tracking infrastructure, either user-space or
kernel need to pre-fetch keys inconditionally, otherwise register
tracking assumes data is already available in register that might
not well be there, leading to incorrect reductions.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git
Thanks.
----------------------------------------------------------------
The following changes since commit f3f19f939c11925dadd3f4776f99f8c278a7017b:
Merge tag 'net-5.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net (2022-05-12 11:51:45 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git HEAD
for you to fetch changes up to 9e539c5b6d9c5b996e45105921ee9dd955c0f535:
netfilter: nf_tables: disable expression reduction infra (2022-05-18 17:34:26 +0200)
----------------------------------------------------------------
Felix Fietkau (4):
netfilter: flowtable: fix excessive hw offload attempts after failure
netfilter: nft_flow_offload: skip dst neigh lookup for ppp devices
net: fix dev_fill_forward_path with pppoe + bridge
netfilter: nft_flow_offload: fix offload with pppoe + vlan
Pablo Neira Ayuso (2):
netfilter: flowtable: fix TCP flow teardown
netfilter: nf_tables: disable expression reduction infra
Ritaro Takenaka (1):
netfilter: flowtable: move dst_check to packet path
drivers/net/ppp/pppoe.c | 1 +
include/linux/netdevice.h | 2 +-
net/core/dev.c | 2 +-
net/netfilter/nf_flow_table_core.c | 60 +++++++-------------------------------
net/netfilter/nf_flow_table_ip.c | 19 ++++++++++++
net/netfilter/nf_tables_api.c | 11 +------
net/netfilter/nft_flow_offload.c | 28 +++++++++++-------
7 files changed, 51 insertions(+), 72 deletions(-)
