Is there documentation (other than the source code) of aspects of the software architecture of netfilter in the Linux kernel, i.e., whether/when inspected packet headers are cached for future lookups; when/how the different hash tables get used, etc.? I understand iptables, conntrack, networking, and firewalls. I need to make some performance assessments of iptables constructs for config files for a high performance application. E.g., whether there is a performance hit for using IP range match and multiport range constructs. I haven't found appropriate documentation. thank you.
