mirror of https://github.com/torvalds/linux.git
eaaff9b670
In case the fib match is used from the input hook we can avoid the fib
lookup if early demux assigned a socket for us: check that the input
interface matches sk-cached one.
Rework the existing 'lo bypass' logic to first check sk, then
for loopback interface type to elide the fib lookup.
This speeds up fib matching a little, before:
93.08 GBit/s (no rules at all)
75.1 GBit/s ("fib saddr . iif oif missing drop" in prerouting)
75.62 GBit/s ("fib saddr . iif oif missing drop" in input)
After:
92.48 GBit/s (no rules at all)
75.62 GBit/s (fib rule in prerouting)
90.37 GBit/s (fib rule in input).
Numbers for the 'no rules' and 'prerouting' are expected to
closely match in-between runs, the 3rd/input test case exercises the
the 'avoid lookup if cached ifindex in sk matches' case.
Test used iperf3 via veth interface, lo can't be used due to existing
loopback test.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| arp_tables.c | ||
| arpt_mangle.c | ||
| arptable_filter.c | ||
| ip_tables.c | ||
| ipt_ECN.c | ||
| ipt_REJECT.c | ||
| ipt_SYNPROXY.c | ||
| ipt_ah.c | ||
| ipt_rpfilter.c | ||
| iptable_filter.c | ||
| iptable_mangle.c | ||
| iptable_nat.c | ||
| iptable_raw.c | ||
| iptable_security.c | ||
| nf_defrag_ipv4.c | ||
| nf_dup_ipv4.c | ||
| nf_nat_h323.c | ||
| nf_nat_pptp.c | ||
| nf_nat_snmp_basic.asn1 | ||
| nf_nat_snmp_basic_main.c | ||
| nf_reject_ipv4.c | ||
| nf_socket_ipv4.c | ||
| nf_tproxy_ipv4.c | ||
| nft_dup_ipv4.c | ||
| nft_fib_ipv4.c | ||
| nft_reject_ipv4.c | ||