Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp2219406rdg; Sun, 15 Oct 2023 17:46:03 -0700 (PDT) X-Google-Smtp-Source: AGHT+IE5UF2gd2zywaDJlw3HZsG8syHbmxeNo2ZWFnBt+yboALPk1HZR5tYeMocZxUv+mlWfSdb4 X-Received: by 2002:a05:6808:1c4:b0:3a7:6213:6897 with SMTP id x4-20020a05680801c400b003a762136897mr30382530oic.11.1697417162656; Sun, 15 Oct 2023 17:46:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697417162; cv=none; d=google.com; s=arc-20160816; b=QqvBT6ZHW4Vkv7IFnE2ASjKygPK2lapxorLmmGwOaaLnFOAVTYOC6CqFGIPIpXazH5 QV7WbgIL5/Wf9WzOwsicjWBWBigUefpmpQjgHvGTGUUa4sVPZH0lnI2SdHWobzmIVcyN Cc5WLqbtqvLA8JMh+Jq7BWvHjd/NlwkdfplIlSi2SXJyF65AyNMTlXyrLL1xyV5sOkHq GMpTttITjManAga5pIGpqESf2Cp3HunzjFxjc9zsQN4ZU9W1P5UiCjT6k0YPZNyOGscI eC2J27kpstawV/4DeE3sTkdX+mGECfmEYQLgTrxwg+oXbum8L0ov0IoWEYI4PpHR0VVe 4y4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=J7+oJHozaJp3ARwDpXhkbVM/mB5nFnC7YhE1nMQs+T4=; fh=JZS8MWBf+P3VWSZSGvAL6lxd0YVND0SosCq9q+KYiy4=; b=FRyNDFAItdPC2dGvYx7r8pIhRf05YmZ4pz5Op4nEUCx/j+SeFTpnDD5WKlc79DWEnO CHqs+qM/lfYrg6ZvmPuFg9mEUevylkhd1pWjYjSXcKfpgAtEcy9nFUp/qnEsZImKBDKd +SwYy4F5faGW7s5JoWj90Ug5FpkfyjJcVXz4s6I+n7Beq9kJzHoLYH7sb2ZmlcgF/GCe qmrlaCz5du2QAZkqhMdBygtW8UpKHEmVXUUtZbUJ9PXRAB1VViGqtDtluVyYhGMGiUJL YTbYPKS73GwAr3vSXdxsylxKR9DvIWdImtmdIHAd+zSMbwe7QwvKTZAlPMHTQNfY/Xfx Pocw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=H5Lioq5q; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from howler.vger.email (howler.vger.email. [2620:137:e000::3:4]) by mx.google.com with ESMTPS id w63-20020a638242000000b005ac341a88ccsi5803650pgd.6.2023.10.15.17.46.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 15 Oct 2023 17:46:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) client-ip=2620:137:e000::3:4; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=H5Lioq5q; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id CC077807D54C; Sun, 15 Oct 2023 17:45:09 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230182AbjJPAUP (ORCPT + 99 others); Sun, 15 Oct 2023 20:20:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49064 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229459AbjJPAUO (ORCPT ); Sun, 15 Oct 2023 20:20:14 -0400 Received: from mail-pg1-x534.google.com (mail-pg1-x534.google.com [IPv6:2607:f8b0:4864:20::534]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E957E95; Sun, 15 Oct 2023 17:20:12 -0700 (PDT) Received: by mail-pg1-x534.google.com with SMTP id 41be03b00d2f7-564b6276941so2913880a12.3; Sun, 15 Oct 2023 17:20:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1697415612; x=1698020412; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=J7+oJHozaJp3ARwDpXhkbVM/mB5nFnC7YhE1nMQs+T4=; b=H5Lioq5qmpGifqA6SvWPci0idUCzLn1sTwxXBI44W7s7aACMgPxsIx9a/ZfaMdxJqq /gPD9xwnTamQLP/WUxu/D8hkV++dFwuRTLJoGRyrayzjMNXgxsRtS3AA7kjXAAgSidLR 0z09wb4m6u038ZHU+uRICQZ6f8BGdRkWqx++ffMAUn75feSQmW7kTcN6yRAZ1bjcjTeW 13VdwJG1vKrBDfOjdVnBEyD684YWvf+9G1CW5s7OEFKT+hZJUkXv4r+pNbWZYEphBHLS 3VVP9IjDI8RLdBXSZkMP+ch8D2PWF9DrYNhLOrpG/8z8BurFT7P9jNoafqajv+swiJtO wXhw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697415612; x=1698020412; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=J7+oJHozaJp3ARwDpXhkbVM/mB5nFnC7YhE1nMQs+T4=; b=kAuvRCrKLCVbErky284Rq36AmGHLIZbhGVLOn1yiB8zBXIX5y7jFOaFyV0LNPVa/RC C4j3yWvzIQkJKux/hx8QLcth2ECMOy9I+xjKV/aruy2SOFRu/N2Pg2n6tkXoaVvnmOLP yLoFdegkLDX6OCjuIDWjMTCyjT9QW3lsc91pQ/ys0ctH9f+am1Yw9su8475kr2Jqp2qx jDQMBFCDXfqxQI7N95fh5cXgy7jmgxsAN2yMb2ny5vJMnnDpvjtb6EkPqmXChPGuxyKO gg81pqFJ3ydLiGpk05E0R2erQ11SnkLn5nKA8fJ384BDPLG0A1qOmXhtaDfXbAWchQ1X 2sQQ== X-Gm-Message-State: AOJu0Yyjp6UVBYhjzWiZygBCiyJmHQ18i6ydKlhXlPOHERqcQNCPPeQ1 5sXtLHh4otjJYft3v8OkNx0= X-Received: by 2002:a05:6a20:7f95:b0:140:3aa:e2ce with SMTP id d21-20020a056a207f9500b0014003aae2cemr43344864pzj.42.1697415612184; Sun, 15 Oct 2023 17:20:12 -0700 (PDT) Received: from debian.me ([103.131.18.64]) by smtp.gmail.com with ESMTPSA id x6-20020a170902ec8600b001c44c8d857esm7208939plg.120.2023.10.15.17.20.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 15 Oct 2023 17:20:11 -0700 (PDT) Received: by debian.me (Postfix, from userid 1000) id 3520A801B59F; Mon, 16 Oct 2023 07:20:07 +0700 (WIB) Date: Mon, 16 Oct 2023 07:20:06 +0700 From: Bagas Sanjaya To: Vladimir Smelhaus , Linux Netfilter , coreteam@netfilter.org, Linux Kernel Mailing List , Linux Regressions Cc: Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal Subject: Re: Flowtables ignore timeout settings in recent kernels Message-ID: References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="N2rAuLPZGqdFV0iZ" Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-0.6 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on howler.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Sun, 15 Oct 2023 17:45:10 -0700 (PDT) --N2rAuLPZGqdFV0iZ Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Oct 15, 2023 at 09:56:14PM +0200, Vladimir Smelhaus wrote: > Netfilter ignores the timeout settings for a flowtable >=20 > # sysctl -a -r flowtable > net.netfilter.nf_flowtable_tcp_timeout =3D 30 > net.netfilter.nf_flowtable_udp_timeout =3D 30 >=20 > Situation. A long udp connection (tunnel) with some data flowing through a > router. The connection is sent to a flowtable on the router. It's a few > packets per second, more here and there, a pause here and there, and so on > over and over. The pauses are minimal and are also limited by the tunnel > settings to be no longer than 25 seconds. Everything is satisfying to make > the connection last continuously in the flowtable and not reappear in > forward. However, the connection keeps dropping out of the flowtable. It > stays in the flowtable (offloaded) for a second at most and then it is > kicked out, back to forward. >=20 > In an attached test script you can see counters that should be zero but a= re not. If I watch the normal packet flow on a particular router, I can see= packets in the conntrack table that should be OFFLOAD as ASSURED. >=20 > Tested in kernel 6.5.6. In an old(er) kernel 5.10 it works as expected. >=20 Then please perform bisection to find a culprit that introduces your regression (see Documentation/admin-guide/bug-bisect.rst in the kernel sources for reference). Also, it'd been great if you also post the reproducer script inline (within your email) instead, as some MUAs (like mutt that I'm using now) may ignore the attachment. Anyway, thanks for the regression report. I'm adding it to regzbot: #regzbot ^introduced: v5.10..v6.5 --=20 An old man doll... just what I always wanted! - Clara --N2rAuLPZGqdFV0iZ Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQSSYQ6Cy7oyFNCHrUH2uYlJVVFOowUCZSyBsAAKCRD2uYlJVVFO oxD9AQDAp/pXr+d44wTxEyg9copCJnaEVKIixfFsamXwbWpI/QD/W2ZAb9J8yPcv V/en2pgBB1CgZDhm7JzlxcWUrsKROwM= =u4d8 -----END PGP SIGNATURE----- --N2rAuLPZGqdFV0iZ--