Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kernel: Backport upstream flowtable patches from 5.15 #10422

Closed
wants to merge 1 commit into from
Closed

kernel: Backport upstream flowtable patches from 5.15 #10422

wants to merge 1 commit into from

Conversation

hauke
Copy link
Member

@hauke hauke commented Aug 8, 2022

This backports some patches from kernel 5.15 to fix issues with
flowtable offloading in kernel 5.10. OpenWrt backports most of the
patches related to flowtable offloading from kernel 5.15 already, but we
are missing some of the extra fixes.

This fixes some connection tracking problems when a flow gets removed
from the offload and added to the normal SW path again.

The patch 614-v5.18-netfilter-flowtable-fix-TCP-flow-teardown.patch was
extended manually with the nf_conntrack_tcp_established() function.

All changes are already included in kernel 5.15.

Fixes: #8776
Signed-off-by: Hauke Mehrtens hauke@hauke-m.de

@rodsmar
Copy link
Contributor

rodsmar commented Aug 9, 2022

This patch seems good! Congratulations, @hauke !

After merge, can you backport this in 22.03 branch?

@hauke
Copy link
Member Author

hauke commented Aug 9, 2022

I haven' tested this yet.
@rodsmar How did you test it It would be nice to know in which scenario you saw which improvements.

@Shine-
Copy link

Shine- commented Aug 10, 2022
edited

The issue can be reproduced quite easily:

  • Install vanilla 22.03.0-rc6 (or any kernel 5.10 build)
  • Enable software flow offload
uci set firewall.@defaults[0].flow_offloading='1'
uci commit
fw4 restart
  • From your PC (not your OpenWRT device) SSH to a known stable host
  • Keep working normally, but don't touch your SSH session
  • Keep your SSH session idle for a few minutes (must be significantly more than 2min, since this issue is about a hardcoded 2min timeout), then try using the SSH session again
  • Your session will close with either client_loop: send disconnect: broken pipe or client_loop: send disconnect: connection reset
  • Alternatively: use a command line similar to the description in FS#3759 - Idle ssh Connection exits with: client_loop: send disconnect: Broken pipe #8776
watch 'sleep 300 ; date'
  • Wait >5min. Likely, you won't even see the first 'date' output.
  • Upon pressing Ctrl+C, you'll see the 'broken pipe' or 'connection reset' error mentioned above.

To see that this PR fixes the issue:

  • Try the above again with this PR applied
  • Your SSH session will stay online indefinitely (or until the host logs you off).
  • In case you used the above command example, you'll see a 'date' output every 5 minutes, indefinitely, or until the host logs you off.

Tested just now on an ath79 (QCA9563) device.

@aparcar
Copy link
Member

aparcar commented Aug 10, 2022

@Shine- did you check if this PR fixes the described test case?

@Shine-
Copy link

Shine- commented Aug 10, 2022

Yes, see the last sentence of my previous comment:

Tested just now on an ath79 (QCA9563) device.

@hauke
kernel: Backport upstream flowtable patches from 5.15
7028dbf 
This backports some patches from kernel 5.15 to fix issues with
flowtable offloading in kernel 5.10. OpenWrt backports most of the
patches related to flowtable offloading from kernel 5.15 already, but we
are missing some of the extra fixes.

This fixes some connection tracking problems when a flow gets removed
from the offload and added to the normal SW path again.

The patch 614-v5.18-netfilter-flowtable-fix-TCP-flow-teardown.patch was
extended manually with the nf_conntrack_tcp_established() function.

All changes are already included in kernel 5.15.

Fixes: openwrt#8776
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
@aparcar
Copy link
Member

aparcar commented Aug 11, 2022

@hauke the CI looks happy, please merge.

@aparcar aparcar mentioned this pull request Aug 11, 2022
Closed
@hauke
Copy link
Member Author

hauke commented Aug 11, 2022

Thank you for your patch, I applied it to master in 96ef2da.

@hauke hauke closed this Aug 11, 2022
@Shine-
Copy link

Shine- commented Aug 13, 2022

Thanks very much, and please don't forget to apply it to 22.03 as well, prior to tagging the release - that's what this was all about!

@hauke hauke deleted the flow-offload branch August 28, 2022 19:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aparcar aparcar aparcar approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

FS#3759 - Idle ssh Connection exits with: client_loop: send disconnect: Broken pipe
4 participants
@hauke @rodsmar @Shine- @aparcar