From mboxrd@z Thu Jan 1 00:00:00 1970
From: Florian Westphal
Subject: Re: [RFC PATCH] netfilter: conntrack: cache route for forwarded connections
Date: Tue, 2 Dec 2014 11:21:14 +0100
Message-ID: <20141202102114.GD16959@breakpoint.cc>
References: <1417480114-3002-1-git-send-email-fw@strlen.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Florian Westphal , netfilter-devel@vger.kernel.org, brouer@redhat.com, netdev@vger.kernel.org
To: Julian Anastasov
Return-path:
Received: from Chamillionaire.breakpoint.cc ([80.244.247.6]:60721 "EHLO Chamillionaire.breakpoint.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751873AbaLBKVT (ORCPT ); Tue, 2 Dec 2014 05:21:19 -0500
Content-Disposition: inline
In-Reply-To:
Sender: netfilter-devel-owner@vger.kernel.org
List-ID:

Julian Anastasov wrote:
> > The cached dst is re-used provided the input interface
> > is the same as that of the previous packet in the same direction.
> >
> > If not, the cached dst is invalidated.
> >
> > This should speed up forwarding when conntrack is already in use
> > anyway, especially when using reverse path filtering -- active RPF
> > enforces two FIB lookups for each packet.
> >
> > Before the routing cache removal this didn't matter since RPF
> > was performed only when route cache didn't yield a result; but without
> > route cache it comes at a high price.
> >
> > Signed-off-by: Florian Westphal
> > ---
> > Sending as RFC since I haven't tested this yet (aside from
> > single-forwarded-flow), so no performance data either.
> >
> > - doesn't work when iif changes (it invalidates cached dst), don't
> > think it's a problem
>
> The idea is good. But code that caches dsts should
> also handle at least NETDEV_UNREGISTER (NETDEV_DOWN being
> another option) to release dsts. Holding dsts for frozen
> conns in EST state for a long time is a problem.

Okay, point taken. Thanks Julian.
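
The lifetime issue raised in this exchange, as an added userspace C model that is not code from the patch or from the kernel: a per-connection cached route pins its output device, so an idle connection keeps the device's reference count above zero until something handling the unregister event drops the cached entry. All struct and function names are hypothetical, and the interface numbers are constructed sample values.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model only: every name here is hypothetical, not a kernel API. */
struct netdev { int ifindex; int refcnt; };   /* refcnt must reach 0 to unregister */
struct dst    { struct netdev *out; };        /* a route pins its output device */
struct conn   { struct dst *cached; int iif; }; /* one direction of a tracked flow */

static void conn_drop_dst(struct conn *c)
{
    if (c->cached) { c->cached->out->refcnt--; c->cached = NULL; }
}

/* Reuse the cached route only when the packet arrived on the same input
 * interface as the previous one; otherwise invalidate and cache `fresh`,
 * which stands for the result of a new route lookup. Returns 1 on a hit. */
static int conn_route(struct conn *c, int iif, struct dst *fresh)
{
    if (c->cached && c->iif == iif)
        return 1;
    conn_drop_dst(c);
    c->cached = fresh; c->iif = iif;
    fresh->out->refcnt++;
    return 0;
}

/* What an unregister handler has to do: release every cached route that
 * points at the device going away. Returns how many were released. */
static int flush_on_unregister(struct conn *tbl, size_t n, struct netdev *dev)
{
    int dropped = 0;
    for (size_t i = 0; i < n; i++)
        if (tbl[i].cached && tbl[i].cached->out == dev) { conn_drop_dst(&tbl[i]); dropped++; }
    return dropped;
}

/* Constructed scenario: a flow caches a route via ifindex 2, then goes idle.
 * A nonzero return means the device could not finish unregistering. */
static int refs_left_after_idle(int handle_unregister)
{
    struct netdev eth1 = { 2, 0 };
    struct dst rt = { &eth1 };
    struct conn tbl[1] = { { NULL, 0 } };
    conn_route(&tbl[0], 1, &rt);   /* first packet: miss, route cached */
    conn_route(&tbl[0], 1, &rt);   /* same iif: hit, no new reference */
    if (handle_unregister)
        flush_on_unregister(tbl, 1, &eth1);
    return eth1.refcnt;
}

int main(void)
{
    printf("no handler: %d ref(s) left\n", refs_left_after_idle(0));
    printf("with handler: %d ref(s) left\n", refs_left_after_idle(1));
    return 0;
}
```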