On Fri, Oct 23, 2015 at 12:43:17PM +0200, Florian Westphal wrote:
> Ads section:
> conntrack+filter + nat table used in init namespace, single TCP_STREAM lo netperf:
> 87380 16384 16384 30.00 14348.66
> with patch set, netperf running in net namespace without rules:
> 87380 16384 16384 30.00 15683.97
>
> routing from ns3 -> ns2, filter + nat table & conntrack in all namespaces:
> 87380 16384 16384 30.00 5664.46
> without conntrack+any tables in those namespaces:
> 87380 16384 16384 30.00 7336.54

Florian, I didn't have time so far on this but I really expect that you follow up on this with a new version addressing or summarizing possible solutions for the corner cases that we have discussed previously.

We definitely need this for better netns support in iptables.

Thanks.