On Tue, Jan 14, 2020 at 12:53:09AM +0100, Florian Westphal wrote:
> Florian Westphal <fw@xxxxxxxxx> wrote:
> > This entire series isn't nice but so far I did not find a better
> > solution.
>
> I did consider getting rid of the unconfirmed list, but this is also
> problematic.

Another proposal: I think the percpu unconfirmed list should become a
hashtable.

From resolve_normal_ct(), if __nf_conntrack_find_get() returns NULL,
this can fall back to make an RCU lockless lookup on the unconfirmed
hashtable.

From nf_nat_inet_fn(), grab a nat spinlock only if the conntrack is
unconfirmed (slow path) to make sure that the packet winning the race
to enter nf_nat_inet_fn() takes the time to set up NAT properly.