nf_nat_masquerade registers conntrack notifiers to early-expire
conntracks that have been using the downed device/removed address.
With large number of disappearing devices (ppp), iterating the table
for every notification blocks the rtnl lock for multiple seconds.
This change unconditionally defers the walk to the system work queue
so that rtnl lock is not blocked longer than needed.
This is not a regression, the notifier and cleanup walk have existed
since the functionality was added more than 20 years ago.
Florian Westphal (2):
netfilter: nf_nat_masquerade: make async masq_inet6_event handling
generic
netfilter: nf_nat_masquerade: defer conntrack walk to work queue
net/netfilter/nf_nat_masquerade.c | 168 +++++++++++++++++-------------
1 file changed, 97 insertions(+), 71 deletions(-)
--
2.32.0
