On Mon, Dec 19, 2016 at 02:09:33PM +0100, Jason A. Donenfeld wrote: > On Mon, Dec 19, 2016 at 2:06 PM, Baptiste Jonglez > wrote: > > Please provide numbers. I would be very surprised if a few redundant > > routes have any performance impact, given that the kernel can handle 600k > > routes without major issues. > > I'm thinking about the case in which a server has a 10/8 of clients, > each of which gets a /32. In this case quite a few routes wind up in > the table... How many? What is the performance impact? > Fortunately the change is pretty easy. Instead of running > `proto_add_ipv4_route ...` you run: > > [[ $(ip route get "$i") != *dev\ $INTERFACE\ * ]] && proto_add_ipv4_route ... I really don't like this kind of magic: if there are 42 allowed_ips entries in the config, then I would expect 42 routes to be created. If you don't want them, then just disable route_allowed_ips and add static or interface routes yourself. Also, are you sure that this works with busybox's version of "ip"? What if "ip" is not enabled in the image? All in all, since this change is not functionally needed, I don't see the point of adding the extra complexity and spending the time to test and maintain this. Baptiste