Re: ctnetlink delete conntrack performance

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Marcus Sundberg <marcus@ingate.com>
To: Patrick McHardy <kaber@trash.net>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: ctnetlink delete conntrack performance
Date: Tue, 15 Mar 2005 19:29:24 +0100	[thread overview]
Message-ID: <42372984.9090807@ingate.com> (raw)
In-Reply-To: <422C5370.9050204@trash.net>

Patrick McHardy wrote:
> Marcus Sundberg wrote:
> 
>> When the CTNL_MSG_DELCONNTRACK function of the ctnetlink patch is
>> used it calls ip_ct_selective_cleanup() to remove the conntrack.
>>
>> This is highly ineffective (depending on how many hash buckets you
>> have ofcourse - I had 131007 of them when performing the test :-)
>>
>> Is there any reason I'm missing (except that maybe the code should
>> go into it's own function) for not simply doing it this way:
> 
> 
> You can't drop the reference before calling the timeout function.

Makes sense ofcourse, so just reversing the calls should be fine?

> BTW: There is no ip_ct_death_by_timeout() AFAICT. Can you send a
> new patch ?

Sure, what is the prefered form? There are currently two versions of the
original patch in netfilter SVN: netfilter-ha/patches/nfnetlink-ctnetlink.patch
and patch-o-matic-ng/nfnetlink-ctnetlink-0.13. Do you prefer a patch against
any of the patches, a patch replacing any of them, or a patch against the
patched code? :-)

Also, is there anyone else working on ctnetlink currently, or planning
to work on it? Is the goal to get it into the standard kernel, and if
so what must be done before that?

//Marcus
-- 
---------------------------------------+--------------------------
   Marcus Sundberg <marcus@ingate.com>  | Firewalls with SIP & NAT
  Software Developer, Ingate Systems AB |  http://www.ingate.com/

next prev parent reply	other threads:[~2005-03-15 18:29 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-03-07 11:25 ctnetlink delete conntrack performance Marcus Sundberg
2005-03-07 13:13 ` Patrick McHardy
2005-03-15 18:29   ` Marcus Sundberg [this message]
2005-03-15 18:57     ` Patrick McHardy
2005-03-15 22:47       ` Pablo Neira

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=42372984.9090807@ingate.com \
    --to=marcus@ingate.com \
    --cc=kaber@trash.net \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.