From: Florian Westphal <fw@strlen.de>
To: Julian Anastasov <ja@ssi.bg>
Cc: Florian Westphal <fw@strlen.de>,
netfilter-devel@vger.kernel.org, brouer@redhat.com,
netdev@vger.kernel.org
Subject: Re: [RFC PATCH] netfilter: conntrack: cache route for forwarded connections
Date: Tue, 2 Dec 2014 11:21:14 +0100 [thread overview]
Message-ID: <20141202102114.GD16959@breakpoint.cc> (raw)
In-Reply-To: <alpine.LFD.2.11.1412020827260.1593@ja.home.ssi.bg>
Julian Anastasov <ja@ssi.bg> wrote:
> > The cached dst is re-used provided the input interface
> > is the same as that of the previous packet in the same direction.
> >
> > If not, the cached dst is invalidated.
> >
> > This should speed up forwarding when conntrack is already in use
> > anyway, especially when using reverse path filtering -- active RPF
> > enforces two FIB lookups for each packet.
> >
> > Before the routing cache removal this didn't matter since RPF
> > was performed only when route cache didn't yield a result; but without
> > route cache it comes at high price.
> >
> > Signed-off-by: Florian Westphal <fw@strlen.de>
> > ---
> > Sending as RFC since I haven't tested this yet (aside from
> > single-forwarded-flow), so no performance data either.
> >
> > - doesn't work when iif changes (it invalidates cached dst), don't
> > think its a problem
>
> The idea is good. But code that caches dsts should
> also handle at least NETDEV_UNREGISTER (NETDEV_DOWN being
> another option) to release dsts. Holding dsts for frozen
> conns in EST state for long time is a problem.
Okay, point taken. Thanks Julian.
prev parent reply other threads:[~2014-12-02 10:21 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-02 0:28 [RFC PATCH] netfilter: conntrack: cache route for forwarded connections Florian Westphal
2014-12-02 1:36 ` Eric Dumazet
2014-12-02 10:20 ` Florian Westphal
2014-12-02 7:15 ` Julian Anastasov
2014-12-02 10:21 ` Florian Westphal [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141202102114.GD16959@breakpoint.cc \
--to=fw@strlen.de \
--cc=brouer@redhat.com \
--cc=ja@ssi.bg \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.