On Thu, 11 Mar 2021 01:35:41 +0100 Pablo Neira Ayuso wrote: > The following patchset augments the Netfilter flowtable fastpath to > support for network topologies that combine IP forwarding, bridge, > classic VLAN devices, bridge VLAN filtering, DSA and PPPoE. This > includes support for the flowtable software and hardware datapaths. > > The following pictures provides an example scenario: > > fast path! > .------------------------. > / \ > | IP forwarding | > | / \ \/ > | br0 wan ..... eth0 > . / \ host C > -> veth1 veth2 > . switch/router > . > . > eth0 > host A > > The bridge master device 'br0' has an IP address and a DHCP server is > also assumed to be running to provide connectivity to host A which > reaches the Internet through 'br0' as default gateway. Then, packet > enters the IP forwarding path and Netfilter is used to NAT the packets > before they leave through the wan device. > > The general idea is to accelerate forwarding by building a fast path > that takes packets from the ingress path of the bridge port and place > them in the egress path of the wan device (and vice versa). Hence, > skipping the classic bridge and IP stack paths. And how did you solve the invalidation problem?
