Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp716082pxu; Wed, 14 Oct 2020 11:47:02 -0700 (PDT) X-Google-Smtp-Source: ABdhPJybOZGHi+ET1AS+xk4WjlGj3JSxmRZFfZNIZ2eiYtTqzD0gciP9xaC1uTijwMj65pWi3uf2 X-Received: by 2002:a17:906:86c3:: with SMTP id j3mr409196ejy.493.1602701221943; Wed, 14 Oct 2020 11:47:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1602701221; cv=none; d=google.com; s=arc-20160816; b=EpClH5oWscDTVqlN6gLZJgkMWPFe2fhHP0F3ZRdpVSSOiEiBgLxTbdYbfv1ygQcOuF IrN65hiFtBubBBxbQl3NkuAjTOWY+uYdheXWSG9aq7ew5Khs1Hi3MIloKaXB1FcpaslM f4TGadU3GXrFQ/QnZNK9exlGJgmg0XS+ZEh96xuDe/tnkkDrn621p3BqhmKUvGc/LxDo ABEghJo6EjLIVVZm+Zl+lDuSaTJczprAfVB1E7E3vw2sipdtx/UXhj/zOfYYLSL5jIe5 3YSMbitg1TavDgjUjvmfg6Ej2OsNHnYni1pbQj9tJdUHeeOvysPk313iMSRxZQSot59J zGbw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=nzVrMLIzd2NJNSjMO8OI5J6MD83xLrIUxyRA9FG2Fjs=; b=krqewimu8UkM7wJQe3iDiFSmFpZwIGLW/7s3s59f5qyL1IGJMjeI4sL4s5q0s6qU6F rkc2ExTxU+scFGNIOqlTNwRAXJkiszQLDAJr8VqPqiJHcDlStuVe2cDonqQnDDbBCYJp O8c9259SaldaImx1HX0sgge5jm4iDmE9x9ZLvrqe0qn3Hfly6gghH1/Nbr9L9JumZM/6 HFy96CHJYJs6r6Orj95HP9qhLA0G78JRAoiSd8jQS0qqN4el+XgDE61xp8sQGxZIjKOs JjWZ4EyYZfqJ55z+v36oLUKS17y/4mZ3RsoA/JYBFVrzbXRa+e/GKqQXbTKIu6lVxtj2 pSsg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@arista.com header.s=googlenew header.b="aofWv/lf"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=arista.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id pg18si346074ejb.467.2020.10.14.11.46.38; Wed, 14 Oct 2020 11:47:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@arista.com header.s=googlenew header.b="aofWv/lf"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=arista.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388981AbgJNSnH (ORCPT + 99 others); Wed, 14 Oct 2020 14:43:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42688 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730065AbgJNSnH (ORCPT ); Wed, 14 Oct 2020 14:43:07 -0400 Received: from mail-qt1-x842.google.com (mail-qt1-x842.google.com [IPv6:2607:f8b0:4864:20::842]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 24AFEC0613D3 for ; Wed, 14 Oct 2020 11:43:07 -0700 (PDT) Received: by mail-qt1-x842.google.com with SMTP id m9so51079qth.7 for ; Wed, 14 Oct 2020 11:43:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arista.com; s=googlenew; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=nzVrMLIzd2NJNSjMO8OI5J6MD83xLrIUxyRA9FG2Fjs=; b=aofWv/lfQ8/pgq5zty/oAa21hlSmBDFeBCQpAR+UxhKj0jeQBAqt68YgYBHt647D0q +CYkdC7RFnWLh4yMn9AsxHQ5Hzm2kbUt+KbUwJ79/S98rsYrmN1sy7ffaQeuYxsi8VpL RdOkrnRJcCvJVvxzTTCCNjR9w08nHxwajbjDHRDczK+SW99MiOLZVSTstqCW3FVQyXvx 0fV2r/3Wb9cDScjSI7eO5Dola4zPddt3aiLpnm/EJBYv0Jo8wGTlUIQaCuVsqNMUHhtp aeTY+c/IHbKZ9Y12o+Hx+ci5UlBzj2WRSq42MoCWknNnCE/gGhbv7jDm+6WSISMKjRCu nMMw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=nzVrMLIzd2NJNSjMO8OI5J6MD83xLrIUxyRA9FG2Fjs=; b=F1zgiNPjeZjHuAhEr1OTXXf6s1rBsfSxXaiTXCkCVOJI/6ffzLR6O0aiV5Emj50Hpt oHFQXQ7BVeKK/xwHxzpDvJqgCw+Qw6nP2UvtKA+9xOWh3Abf/tlxy1Smj4/OkeYnmQwD yq1mg217+LkVhkuKLg38pRikItTMBjWWrcUgSpgN4m3APzQ2DQ5XPgNnuurto5pcQ0H2 soitFTdeMDHtY5zWDPySc1imPnydmmP0kBE9t7uvJkyUTc15/NJg97HNzYd3PDASqSOi SDKMpHhPUedC8PjjkikS9XHKflwuixqWeX+1MQL/M35pOaXHYKRvGk4lCT+rhE5i02Wd xAZg== X-Gm-Message-State: AOAM532eOvs3dbtMxRwQ/KhVqBwAierPH8xUOGCe4E0IHmuJhyTPCf+8 PgabBbSQkdDM6t0fxBjgSAwLcQmiUurZstb93jO+zg== X-Received: by 2002:ac8:bc9:: with SMTP id p9mr596373qti.50.1602700986146; Wed, 14 Oct 2020 11:43:06 -0700 (PDT) MIME-Version: 1.0 References: <20201007193252.7009D95C169C@us180.sjc.aristanetworks.com> <20201009110323.GC5723@breakpoint.cc> <20201009185552.GF5723@breakpoint.cc> <20201009200548.GG5723@breakpoint.cc> <20201014000628.GA15290@salvia> <20201014082341.GA16895@breakpoint.cc> In-Reply-To: <20201014082341.GA16895@breakpoint.cc> From: Francesco Ruggeri Date: Wed, 14 Oct 2020 11:42:55 -0700 Message-ID: Subject: Re: [PATCH nf v2] netfilter: conntrack: connection timeout after re-register To: Florian Westphal Cc: Pablo Neira Ayuso , Jozsef Kadlecsik , open list , netdev , coreteam@netfilter.org, netfilter-devel@vger.kernel.org, Jakub Kicinski , David Miller Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Oct 14, 2020 at 1:23 AM Florian Westphal wrote: > > Pablo Neira Ayuso wrote: > > Legacy would still be flawed though. > > Its fine too, new rule blob gets handled (and match/target checkentry > called) before old one is dismantled. > > We only have a 0 refcount + hook unregister when rules get > flushed/removed explicitly. Should the patch be used in the meantime while this gets worked out? Francesco