net/sched: act_ct: Offload only ASSURED connections

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Short-lived connections increase the insertion rate requirements,
fill the offload table and provide very limited offload value since
they process a very small amount of packets. The ct ASSURED flag is
designed to filter short-lived connections for early expiration.

Offload connections when they are ESTABLISHED and ASSURED.

Signed-off-by: Chris Mi <cmi@nvidia.com>
Reviewed-by: Oz Shlomo <ozsh@nvidia.com>
Reviewed-by: Roi Dayan <roid@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Chris Mi and committed by

David S. Miller 4 years ago 43332cf9 119c1a33

+2 -1

1 changed file

expand all

net

sched

act_ct.c

+2 -1

net/sched/act_ct.c

··· 393 393 { 394 394 bool tcp = false; 395 395 396 - if (ctinfo != IP_CT_ESTABLISHED && ctinfo != IP_CT_ESTABLISHED_REPLY) 396 + if ((ctinfo != IP_CT_ESTABLISHED && ctinfo != IP_CT_ESTABLISHED_REPLY) || 397 + !test_bit(IPS_ASSURED_BIT, &ct->status)) 397 398 return; 398 399 399 400 switch (nf_ct_protonum(ct)) {