Hello, On Tue, 2 Dec 2014, Florian Westphal wrote: > ... to avoid per-packet FIB lookup if possible. > > The cached dst is re-used provided the input interface > is the same as that of the previous packet in the same direction. > > If not, the cached dst is invalidated. > > This should speed up forwarding when conntrack is already in use > anyway, especially when using reverse path filtering -- active RPF > enforces two FIB lookups for each packet. > > Before the routing cache removal this didn't matter since RPF > was performed only when route cache didn't yield a result; but without > route cache it comes at high price. > > Signed-off-by: Florian Westphal <fw@xxxxxxxxx> > --- > Sending as RFC since I haven't tested this yet (aside from > single-forwarded-flow), so no performance data either. > > - doesn't work when iif changes (it invalidates cached dst), don't > think its a problem The idea is good. But code that caches dsts should also handle at least NETDEV_UNREGISTER (NETDEV_DOWN being another option) to release dsts. Holding dsts for frozen conns in EST state for long time is a problem. IIRC, such dsts are not under dst_dev_event() control. nf_nat_masquerade_ipv4.c has something like this but for masq_index. Regards -- Julian Anastasov <ja@xxxxxx> -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
