On Wed, May 22, 2024 at 23:13:33 -0400, Laine Stump wrote: > > iifname/oifname need to lookup the string that contains the name of > the interface each time a packet is checked, while iif/oif compare the > ifindex of the interface, which is included directly in the > packet. Conveniently, the rule is created using the *name* of the > interface (which gets converted to ifindex as the rule is added), so > no extra work is required other than changing the commandline option. > > If it was the case that the interface could be deleted and re-added > during the life of the rule, we would have to use Xifname (since > deleting and re-adding the interface would result in ifindex > changing), but for our uses this never happens, so Xif works for us, > and undoubtedly improves performance by at least 0.0000001%. > > Signed-off-by: Laine Stump <laine@xxxxxxxxxx> > --- > src/network/network_nftables.c | 28 +++++++++---------- > .../nat-default-linux.nftables | 12 ++++---- > .../nat-ipv6-linux.nftables | 24 ++++++++-------- > .../nat-ipv6-masquerade-linux.nftables | 24 ++++++++-------- > .../nat-many-ips-linux.nftables | 20 ++++++------- > .../nat-no-dhcp-linux.nftables | 24 ++++++++-------- > .../nat-tftp-linux.nftables | 12 ++++---- > .../route-default-linux.nftables | 12 ++++---- > 8 files changed, 78 insertions(+), 78 deletions(-) Reviewed-by: Jiri Denemark <jdenemar@xxxxxxxxxx>
