[PATCH nf] Revert "netfilter: flowtable: Remove redundant hw refresh bit"

From: Aleksander Jan Bajkowski
Date: Mon Jun 14 2021 - 15:34:48 EST

Next message: Florian Fainelli: "Re: [PATCH 5.10 000/131] 5.10.44-rc1 review"
Previous message: Dave Hansen: "Re: [patch 09/41] x86/kvm: Avoid looking up PKRU in XSAVE buffer"
Next in thread: Pablo Neira Ayuso: "Re: [PATCH nf] Revert "netfilter: flowtable: Remove redundant hw refresh bit""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This reverts commit c07531c01d8284aedaf95708ea90e76d11af0e21.

The previously mentioned commit significantly reduces NAT performance
in OpenWRT. Another user reports a high ping issue. The results of
IPv4 NAT benchmark on BT Home Hub 5A (with software flow offloading):
* 5.4.124 515 Mb/s
* 5.10.41 570 Mb/s
* 5.10.42 250 Mb/s
* 5.10.42 + revert 580 Mb/s

Reverting this commit fixes this issue.

Fixes: c07531c01d8284aedaf95708ea90e76d11af0e21 ("netfilter: flowtable: Remove redundant hw refresh bit")
Signed-off-by: Aleksander Jan Bajkowski <olek2@xxxxx>
---
include/net/netfilter/nf_flow_table.h | 1 +
net/netfilter/nf_flow_table_core.c | 3 ++-
net/netfilter/nf_flow_table_offload.c | 7 +++----
3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h
index 48ef7460ff30..51d8eb99764d 100644
--- a/include/net/netfilter/nf_flow_table.h
+++ b/include/net/netfilter/nf_flow_table.h
@@ -157,6 +157,7 @@ enum nf_flow_flags {
NF_FLOW_HW,
NF_FLOW_HW_DYING,
NF_FLOW_HW_DEAD,
+ NF_FLOW_HW_REFRESH,
NF_FLOW_HW_PENDING,
};

diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c
index 1d02650dd715..39c02d1aeedf 100644
--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -306,7 +306,8 @@ void flow_offload_refresh(struct nf_flowtable *flow_table,
{
flow->timeout = nf_flowtable_time_stamp + NF_FLOW_TIMEOUT;

- if (likely(!nf_flowtable_hw_offload(flow_table)))
+ if (likely(!nf_flowtable_hw_offload(flow_table) ||
+ !test_and_clear_bit(NF_FLOW_HW_REFRESH, &flow->flags)))
return;

nf_flow_offload_add(flow_table, flow);
diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c
index 528b2f172684..2af7bdb38407 100644
--- a/net/netfilter/nf_flow_table_offload.c
+++ b/net/netfilter/nf_flow_table_offload.c
@@ -902,11 +902,10 @@ static void flow_offload_work_add(struct flow_offload_work *offload)

err = flow_offload_rule_add(offload, flow_rule);
if (err < 0)
- goto out;
-
- set_bit(IPS_HW_OFFLOAD_BIT, &offload->flow->ct->status);
+ set_bit(NF_FLOW_HW_REFRESH, &offload->flow->flags);
+ else
+ set_bit(IPS_HW_OFFLOAD_BIT, &offload->flow->ct->status);

-out:
nf_flow_offload_destroy(flow_rule);
}

--
2.30.2

Next message: Florian Fainelli: "Re: [PATCH 5.10 000/131] 5.10.44-rc1 review"
Previous message: Dave Hansen: "Re: [patch 09/41] x86/kvm: Avoid looking up PKRU in XSAVE buffer"
Next in thread: Pablo Neira Ayuso: "Re: [PATCH nf] Revert "netfilter: flowtable: Remove redundant hw refresh bit""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]