All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH nf 0/2] netfilter: nf_nat_masquerade: don't block rtnl lock
@ 2021-09-15 14:46 Florian Westphal
  2021-09-15 14:46 ` [PATCH nf 1/2] netfilter: nf_nat_masquerade: make async masq_inet6_event handling generic Florian Westphal
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Florian Westphal @ 2021-09-15 14:46 UTC (permalink / raw)
  To: netfilter-devel; +Cc: Florian Westphal

nf_nat_masquerade registers conntrack notifiers to early-expire
conntracks that have been using the downed device/removed address.

With large number of disappearing devices (ppp), iterating the table
for every notification blocks the rtnl lock for multiple seconds.

This change unconditionally defers the walk to the system work queue
so that rtnl lock is not blocked longer than needed.

This is not a regression, the notifier and cleanup walk have existed
since the functionality was added more than 20 years ago.

Florian Westphal (2):
  netfilter: nf_nat_masquerade: make async masq_inet6_event handling
    generic
  netfilter: nf_nat_masquerade: defer conntrack walk to work queue

 net/netfilter/nf_nat_masquerade.c | 168 +++++++++++++++++-------------
 1 file changed, 97 insertions(+), 71 deletions(-)

-- 
2.32.0


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2021-09-21  1:55 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-15 14:46 [PATCH nf 0/2] netfilter: nf_nat_masquerade: don't block rtnl lock Florian Westphal
2021-09-15 14:46 ` [PATCH nf 1/2] netfilter: nf_nat_masquerade: make async masq_inet6_event handling generic Florian Westphal
2021-09-15 14:46 ` [PATCH nf 2/2] netfilter: nf_nat_masquerade: defer conntrack walk to work queue Florian Westphal
2021-09-21  1:48 ` [PATCH nf 0/2] netfilter: nf_nat_masquerade: don't block rtnl lock Pablo Neira Ayuso

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.