Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next

Pablo Neira Ayuso says: ==================== Netfilter updates for net-next The following patchset contains Netfilter updates for net-next: 1) Skip non-SCTP packets in the new SCTP chunk support for nft_exthdr, from Phil Sutter. 2) Simplify TCP option sanity check for TCP packets, also from Phil. 3) Add a new expression to store when the rule has been used last time. 4) Pass the hook state object to log function, from Florian Westphal. 5) Document the new sysctl knobs to tune the flowtable timeouts, from Oz Shlomo. 6) Fix snprintf error check in the new nfnetlink_hook infrastructure, from Dan Carpenter. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2021-06-23 12:31:28 -0700
committer: David S. Miller <davem@davemloft.net> 2021-06-23 12:31:28 -0700
commit: a7b62112f0abf58a7f6d2bdfef40b637a4a1c4d4 (patch)
tree: 72f7b2ce595c5c4b1c49b12eb37e8c21564ba6de /Documentation/networking
parent: selftests: icmp_redirect: support expected failures (diff)
parent: netfilter: nfnetlink_hook: fix check for snprintf() overflow (diff)
download: linux-dev-a7b62112f0abf58a7f6d2bdfef40b637a4a1c4d4.tar.xz
linux-dev-a7b62112f0abf58a7f6d2bdfef40b637a4a1c4d4.zip
1 files changed, 24 insertions, 0 deletions
diff --git a/Documentation/networking/nf_conntrack-sysctl.rst b/Documentation/networking/nf_conntrack-sysctl.rst
index 11a9b76786cb..0467b30e4abe 100644
--- a/Documentation/networking/nf_conntrack-sysctl.rst
+++ b/Documentation/networking/nf_conntrack-sysctl.rst
@@ -177,3 +177,27 @@ nf_conntrack_gre_timeout_stream - INTEGER (seconds)
 
 	This extended timeout will be used in case there is an GRE stream
 	detected.
+
+nf_flowtable_tcp_timeout - INTEGER (seconds)
+        default 30
+
+        Control offload timeout for tcp connections.
+        TCP connections may be offloaded from nf conntrack to nf flow table.
+        Once aged, the connection is returned to nf conntrack with tcp pickup timeout.
+
+nf_flowtable_tcp_pickup - INTEGER (seconds)
+        default 120
+
+        TCP connection timeout after being aged from nf flow table offload.
+
+nf_flowtable_udp_timeout - INTEGER (seconds)
+        default 30
+
+        Control offload timeout for udp connections.
+        UDP connections may be offloaded from nf conntrack to nf flow table.
+        Once aged, the connection is returned to nf conntrack with udp pickup timeout.
+
+nf_flowtable_udp_pickup - INTEGER (seconds)
+        default 30
+
+        UDP connection timeout after being aged from nf flow table offload.
author	David S. Miller <davem@davemloft.net>	2021-06-23 12:31:28 -0700
committer	David S. Miller <davem@davemloft.net>	2021-06-23 12:31:28 -0700
commit	a7b62112f0abf58a7f6d2bdfef40b637a4a1c4d4 (patch)
tree	72f7b2ce595c5c4b1c49b12eb37e8c21564ba6de /Documentation/networking
parent	selftests: icmp_redirect: support expected failures (diff)
parent	netfilter: nfnetlink_hook: fix check for snprintf() overflow (diff)
download	linux-dev-a7b62112f0abf58a7f6d2bdfef40b637a4a1c4d4.tar.xz linux-dev-a7b62112f0abf58a7f6d2bdfef40b637a4a1c4d4.zip