From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Florian Westphal <fw@strlen.de>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH nf-next 2/5] netfilter: flowtable: consolidate xmit path
Date: Tue, 28 Oct 2025 00:48:02 +0100 [thread overview]
Message-ID: <aQAEssvnuJmLLaVb@calendula> (raw)
In-Reply-To: <aOuebEc_iHm6r3u0@strlen.de>
On Sun, Oct 12, 2025 at 02:26:20PM +0200, Florian Westphal wrote:
> Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> > Use dev_queue_xmit() for the XMIT_NEIGH case. Store the interface index
> > of the real device behind the vlan/pppoe device, this introduces an
> > extra lookup for the real device in the xmit path because rt->dst.dev
> > provides the vlan/pppoe device.
>
> Will this scale? netdev_by_index only has a fixed table of 256 slots,
> so with 8k vlans or so this will have a 30-ish netdev list walk.
>
> [ EDIT: I see now that nf_flow_queue_xmit() already does that.
> So I guess its either not an issue or not yet and it can be
> optimized later. So disregard this ]
Yes, that will need a look closer or later.
> > case FLOW_OFFLOAD_XMIT_NEIGH:
> > rt = dst_rtable(tuplehash->tuple.dst_cache);
> > - outdev = rt->dst.dev;
> > - skb->dev = outdev;
> > - nexthop = rt_nexthop(rt, flow->tuplehash[!dir].tuple.src_v4.s_addr);
> > + xmit.outdev = dev_get_by_index_rcu(state->net, tuplehash->tuple.ifidx);
>
> Why do this if we already have dst_cache?
This is to skip one level of indirection, ie. dst_cache points to the
vlan device, not the real device. The idea is that the flowtable gains
control on the xmit path so the flowtable pushes l2/l3 headers and
send the packets directly to the "real" netdevice.
> The above explanation (rt->dst.dev could be a tunnel device, whereas
> the latter fetches phyical / lowest device) from the commit message
> makes that clear; but I think a short comment would help.
Yes, I can add a comment on this.
Thanks.
next prev parent reply other threads:[~2025-10-27 23:48 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-10 11:18 [PATCH nf-next 0/5] flowtable: consolidate xmit path Pablo Neira Ayuso
2025-10-10 11:18 ` [PATCH nf-next 1/5] netfilter: flowtable: move path discovery infrastructure to its own file Pablo Neira Ayuso
2025-10-12 12:18 ` Florian Westphal
2025-10-10 11:18 ` [PATCH nf-next 2/5] netfilter: flowtable: consolidate xmit path Pablo Neira Ayuso
2025-10-12 12:26 ` Florian Westphal
2025-10-27 23:48 ` Pablo Neira Ayuso [this message]
2025-10-10 11:18 ` [PATCH nf-next 3/5] netfilter: flowtable: inline vlan encapsulation in " Pablo Neira Ayuso
2025-10-10 11:18 ` [PATCH nf-next 4/5] netfilter: flowtable: inline pppoe " Pablo Neira Ayuso
2025-10-10 11:18 ` [PATCH nf-next 5/5] netfilter: flowtable: remove hw_ifidx Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aQAEssvnuJmLLaVb@calendula \
--to=pablo@netfilter.org \
--cc=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).