1 From: Felix Fietkau <nbd@nbd.name>
2 Date: Fri, 6 May 2022 12:37:23 +0200
3 Subject: [PATCH] netfilter: flowtable: fix excessive hw offload attempts
6 If a flow cannot be offloaded, the code currently repeatedly tries again as
7 quickly as possible, which can significantly increase system load.
8 Fix this by limiting flow timeout update and hardware offload retry to once
11 Signed-off-by: Felix Fietkau <nbd@nbd.name>
14 --- a/net/netfilter/nf_flow_table_core.c
15 +++ b/net/netfilter/nf_flow_table_core.c
16 @@ -329,8 +329,10 @@ void flow_offload_refresh(struct nf_flow
19 timeout = nf_flowtable_time_stamp + flow_offload_get_timeout(flow);
20 - if (READ_ONCE(flow->timeout) != timeout)
21 + if (timeout - READ_ONCE(flow->timeout) > HZ)
22 WRITE_ONCE(flow->timeout, timeout);
26 if (likely(!nf_flowtable_hw_offload(flow_table)))