mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2025-01-23 14:24:25 +08:00
4592ee7f52
These two sysctls were added because the hardcoded defaults (2 minutes, tcp, 30 seconds, udp) turned out to be too low for some setups. They appeared in 5.14-rc1 so it should be fine to remove it again. Marcelo convinced me that there should be no difference between a flow that was offloaded vs. a flow that was not wrt. timeout handling. Thus the default is changed to those for TCP established and UDP stream, 5 days and 120 seconds, respectively. Marcelo also suggested to account for the timeout value used for the offloading, this avoids increase beyond the value in the conntrack-sysctl and will also instantly expire the conntrack entry with altered sysctls. Example: nf_conntrack_udp_timeout_stream=60 nf_flowtable_udp_timeout=60 This will remove offloaded udp flows after one minute, rather than two. An earlier version of this patch also cleared the ASSURED bit to allow nf_conntrack to evict the entry via early_drop (i.e., table full). However, it looks like we can safely assume that connection timed out via HW is still in established state, so this isn't needed. Quoting Oz: [..] the hardware sends all packets with a set FIN flags to sw. [..] Connections that are aged in hardware are expected to be in the established state. In case it turns out that back-to-sw-path transition can occur for 'dodgy' connections too (e.g., one side disappeared while software-path would have been in RETRANS timeout), we can adjust this later. Cc: Oz Shlomo <ozsh@nvidia.com> Cc: Paul Blakey <paulb@nvidia.com> Suggested-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: Florian Westphal <fw@strlen.de> Reviewed-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Reviewed-by: Oz Shlomo <ozsh@nvidia.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
||
|---|---|---|
| .. | ||
| ABI | ||
| accounting | ||
| admin-guide | ||
| arm | ||
| arm64 | ||
| block | ||
| bpf | ||
| cdrom | ||
| core-api | ||
| cpu-freq | ||
| crypto | ||
| dev-tools | ||
| devicetree | ||
| doc-guide | ||
| driver-api | ||
| fault-injection | ||
| fb | ||
| features | ||
| filesystems | ||
| firmware_class | ||
| firmware-guide | ||
| fpga | ||
| gpu | ||
| hid | ||
| hwmon | ||
| i2c | ||
| ia64 | ||
| ide | ||
| iio | ||
| infiniband | ||
| input | ||
| isdn | ||
| kbuild | ||
| kernel-hacking | ||
| leds | ||
| litmus-tests | ||
| livepatch | ||
| locking | ||
| m68k | ||
| maintainer | ||
| mhi | ||
| mips | ||
| misc-devices | ||
| netlabel | ||
| networking | ||
| nios2 | ||
| nvdimm | ||
| openrisc | ||
| parisc | ||
| PCI | ||
| pcmcia | ||
| power | ||
| powerpc | ||
| process | ||
| RCU | ||
| riscv | ||
| s390 | ||
| scheduler | ||
| scsi | ||
| security | ||
| sh | ||
| sound | ||
| sparc | ||
| sphinx | ||
| sphinx-static | ||
| spi | ||
| staging | ||
| target | ||
| timers | ||
| trace | ||
| translations | ||
| usb | ||
| userspace-api | ||
| virt | ||
| vm | ||
| w1 | ||
| watchdog | ||
| x86 | ||
| xtensa | ||
| .gitignore | ||
| arch.rst | ||
| asm-annotations.rst | ||
| atomic_bitops.txt | ||
| atomic_t.txt | ||
| Changes | ||
| CodingStyle | ||
| conf.py | ||
| COPYING-logo | ||
| docutils.conf | ||
| dontdiff | ||
| index.rst | ||
| Kconfig | ||
| logo.gif | ||
| Makefile | ||
| memory-barriers.txt | ||
| SubmittingPatches | ||
| watch_queue.rst | ||
