From: Flavio Leitner <fbl@xxxxxxxxxx>
Date: Wed, 27 Jun 2018 10:34:24 -0300

> The sock reference is lost when scrubbing the packet and that breaks
> TSQ (TCP Small Queues) and XPS (Transmit Packet Steering) causing
> performance impacts of about 50% in a single TCP stream when crossing
> network namespaces.
>
> XPS breaks because the queue mapping stored in the socket is not
> available, so another random queue might be selected when the stack
> needs to transmit something like a TCP ACK, or TCP Retransmissions.
> That causes packet re-ordering and/or performance issues.
>
> TSQ breaks because it orphans the packet while it is still in the
> host, so packets are queued contributing to the buffer bloat problem.
>
> Preserving the sock reference fixes both issues. The socket is
> orphaned anyways in the receiving path before any relevant action,
> but the transmit side needs some extra checking included in the
> first patch.
>
> The first patch will update netfilter to check if the socket
> netns is local before using it.
>
> The second patch removes the skb_orphan() from the skb_scrub_packet()
> and improves the documentation.
>
> ChangeLog:
> - split into two (Eric)
> - addressed Paolo's offline feedback to swap the checks in xt_socket.c
>   to preserve original behavior.
> - improved ip-sysctl.txt (reported by Cong)

Series applied, thanks Flavio.