Hi Ryoga,

On Mon, Jul 19, 2021 at 07:12:46PM +0900, Ryoga Saito wrote:
> Hi Pablo
>
> I would like your comments for it.
>
> I have 2 implementation ideas about fixing this patch:
>
> 1.) fix only coding style pointed out in previous mail
> 2.) add sysctl parameter and change NF_HOOK to NF_HOOK_COND for user to
> select behavior of hook call
>
> I believed SRv6 encaps/decaps operations should be tracked with conntrack
> like any other virtual net-device based tunneling protocols (e.g. VXLAN,
> IPIP)

Agreed, users will be expecting consistent behaviour with the existing
net-device based tunneling infrastructure. The hook order you are
proposing looks correct to me.

> even if the forwarding performance slows down because occurred by
> lack of considerations. and any other tunnels also have this overhead.

If you go for option 2, you can add a new specific static_key for the
lightweight tunnel netfilter hooks; this static key could be turned on
via sysctl. But I think this sysctl toggle should be one-time (once
enabled, you cannot disable it). I'll help you with the benchmarking.

> Therefore, I support 1st idea. However, 2nd idea is ok if the overhead
> caused by adding new hook isn't acceptable.

I'd prefer option 1 too. I tend to dislike new sysctl toggles; the
specific static_key should remove the concern on the performance
impact for people that do not want to use this new infrastructure.

Thanks.