Do additional checks for outdated flows
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| linux-bluefield (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
| Jammy |
Fix Committed
|
Undecided
|
Unassigned | ||
Bug Description
* Explain the bug
Current nf_flow_
which state diverged from its underlying CT connection status for teardown
which can be problematic in the following cases:
- Flow has never been offloaded to hardware in the first place either
because flow table has hardware offload disabled (flag
NF_FLOWTABLE_
workqueue to be offloaded for the first time. The former is incorrect, the
later generates excessive deletions and additions of flows.
- Flow is already pending to be updated on the workqueue. Tearing down such
flows will also generate excessive removals from the flow table, especially
on highly loaded system where the latency to re-offload a flow via 'add'
workqueue can be quite high.
* Brief explanation of fixes
When considering a flow for teardown as outdated verify that it is both
offloaded to hardware and doesn't have any pending updates.
* How to test
Test conntrack with 500k UDP flows and see if all 500k flows are offloaded
* What it could break
N/A
| Changed in linux-bluefield (Ubuntu): | |
| status: | New → Invalid |
| Changed in linux-bluefield (Ubuntu Jammy): | |
| status: | New → Fix Committed |
| Bartlomiej Zolnierkiewicz (bzolnier) wrote | #1 |
| tags: | added: verification-needed-jammy |
| tags: |
added: verification-done-jammy removed: verification-needed-jammy |
This bug is awaiting verification that the linux-bluefield
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/