Re: [PATCH nf] Revert "netfilter: flowtable: Remove redundant hw refresh bit"

From: Pablo Neira Ayuso
Date: Mon Jun 14 2021 - 17:55:46 EST


Hi,

On Mon, Jun 14, 2021 at 09:34:40PM +0200, Aleksander Jan Bajkowski wrote:
> This reverts commit c07531c01d8284aedaf95708ea90e76d11af0e21.
>
> The previously mentioned commit significantly reduces NAT performance
> in OpenWRT. Another user reports a high ping issue. The results of
> IPv4 NAT benchmark on BT Home Hub 5A (with software flow offloading):
> * 5.4.124 515 Mb/s
> * 5.10.41 570 Mb/s
> * 5.10.42 250 Mb/s
> * 5.10.42 + revert 580 Mb/s
>
> Reverting this commit fixes this issue.

The xt_flowoffload module is unconditionally setting the hardware
offload flag:

static int __init xt_flowoffload_tg_init(void)
{
	int ret;

	register_netdevice_notifier(&flow_offload_netdev_notifier);

	ret = init_flowtable(&flowtable[0]);
	if (ret)
		return ret;

	ret = init_flowtable(&flowtable[1]);
	if (ret)
		goto cleanup;

	flowtable[1].ft.flags = NF_FLOWTABLE_HW_OFFLOAD;
	[...]

which is triggering the slowdown because the packet path is allocating
work to offload the entry to hardware; however, this driver does not
support hardware offload.

Probably this module can be updated to unset the flowtable flag if the
hardware does not support hardware offload.