On netns exit the conntrack table is iterated once for every netns on the exit list.

We can use the same 'trick' as tcp metrics and use the netns refcount to detect which net namespaces are exiting instead.

This allows iterating the table only once regardless of how many net namespaces require cleanup.

Florian Westphal (2):
  netfilter: conntrack: split nf_conntrack_cleanup_net_list
  netfilter: conntrack: speed up netns cleanup

 net/netfilter/nf_conntrack_core.c | 40 +++++++++++++++++++++++--------
 1 file changed, 30 insertions(+), 10 deletions(-)

--
2.32.0
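The following is an added, user-space model of the two cleanup strategies the cover letter contrasts; it is not code from the patch series or from the kernel. `struct net`, `struct nf_conn`, the fixed-size table and the plain integer `refcount` are constructed stand-ins for the kernel structures, and the exit list used by the scenario is made up. It exists to show why the per-namespace walk costs one full table pass per exiting namespace while the refcount-based walk costs one pass in total, with both producing the same surviving entries.

```c
/* Constructed model of conntrack netns cleanup (not kernel code). */
#include <stdio.h>

#define NR_NET 4   /* namespaces in the model */
#define NR_CT  16  /* conntrack entries in the model */

struct net {
    int id;
    int refcount;        /* 0 models "last reference dropped, netns is exiting" */
};

struct nf_conn {
    struct net *net;     /* owning namespace, like nf_ct_net() in the kernel */
    int alive;           /* 1 while the entry is still in the table */
};

static struct net nets[NR_NET];
static struct nf_conn table[NR_CT];

/* Example exit list: namespaces 1 and 3 leave together (constructed). */
static const int example_exit_ids[] = {1, 3};
#define N_EXAMPLE_EXIT 2

/* Fresh state: every namespace alive, entry i owned by namespace i % NR_NET. */
static void setup(void)
{
    for (int i = 0; i < NR_NET; i++) {
        nets[i].id = i;
        nets[i].refcount = 1;
    }
    for (int i = 0; i < NR_CT; i++) {
        table[i].net = &nets[i % NR_NET];
        table[i].alive = 1;
    }
}

/* Old strategy: one complete table walk for every namespace on the exit list.
 * Returns the number of table entries visited. */
static long cleanup_per_netns(struct net **exit_list, int n_exit)
{
    long visited = 0;
    for (int e = 0; e < n_exit; e++) {
        for (int i = 0; i < NR_CT; i++) {
            visited++;
            if (table[i].alive && table[i].net == exit_list[e])
                table[i].alive = 0;
        }
    }
    return visited;
}

/* New strategy: a single walk that drops every entry whose namespace
 * refcount has reached zero, however many namespaces are exiting. */
static long cleanup_by_refcount(void)
{
    long visited = 0;
    for (int i = 0; i < NR_CT; i++) {
        visited++;
        if (table[i].alive && table[i].net->refcount == 0)
            table[i].alive = 0;
    }
    return visited;
}

/* Entries still present after cleanup; both strategies must agree. */
static int count_alive(void)
{
    int n = 0;
    for (int i = 0; i < NR_CT; i++)
        n += table[i].alive;
    return n;
}

/* Run one scenario from a fresh table. use_refcount selects the strategy.
 * The namespaces in exit_ids get their refcount dropped to zero first,
 * mirroring what has already happened by the time the exit list is processed. */
static long run_scenario(int use_refcount, const int *exit_ids, int n_exit)
{
    struct net *exit_list[NR_NET];
    setup();
    for (int e = 0; e < n_exit; e++) {
        exit_list[e] = &nets[exit_ids[e]];
        exit_list[e]->refcount = 0;
    }
    return use_refcount ? cleanup_by_refcount()
                        : cleanup_per_netns(exit_list, n_exit);
}

int main(void)
{
    long old = run_scenario(0, example_exit_ids, N_EXAMPLE_EXIT);
    int alive_old = count_alive();
    long new = run_scenario(1, example_exit_ids, N_EXAMPLE_EXIT);
    int alive_new = count_alive();
    printf("per-netns walk: %ld visits, %d entries left\n", old, alive_old);
    printf("refcount walk:  %ld visits, %d entries left\n", new, alive_new);
    return 0;
}
```

With two exiting namespaces the per-netns walk touches the table twice (32 visits for 16 entries) while the refcount walk touches it once (16 visits); both leave the same 8 entries, those owned by the namespaces that are not exiting. The gap grows linearly with the length of the exit list, which is the cost the series removes.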