[v3.2.24] ct: endless loop when initializing netfilter/ct cache

Thomas Graf tgraf at suug.ch
Fri Nov 7 03:00:46 PST 2014


On 10/28/14 at 04:35pm, Holger Eitzenberger wrote:
> Sorry, I have been interrupted, now going back to this problem.
> 
> > > Turns out to be more of like a performance regression, as same
> > > program built against libnl v3.2.13 is considerably faster - even on a
> > > box with more conntracks...
> 
> FYI, I see the problem since changing pickup_cb() to check for
> duplicates when updating the cache.
> 
> The cache->c_items are a list of cache entries, and they are searched
> in order for a matching entry in nl_cache_search().
> 
> For a mass entity like conntracks this turns out to be very bad on
> performance.

That makes sense. Insertion through pickup became exponentially
more expensive.

The right thing to do here is to introduce a flag to disable the
dup check for individual caches and even cache types such as CT
which do not require the dup check at all.
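
Added example, not part of the original message and not libnl code: a toy list-backed cache that counts key comparisons when every insert first searches for a duplicate, and again with an opt-out flag of the kind proposed above. All names (`toy_cache`, `TOY_CACHE_NO_DUPCHECK`, `toy_pickup`, `toy_fill`) are hypothetical, and the ids are constructed input.

```c
#include <stdio.h>
#include <stdlib.h>

#define TOY_CACHE_NO_DUPCHECK 0x1   /* hypothetical flag, not a libnl constant */

struct toy_entry { unsigned id; struct toy_entry *next; };
struct toy_cache {
    struct toy_entry *head, *tail;
    unsigned flags;
    unsigned long compares;         /* key comparisons spent searching */
};

/* Linear search in list order, as the thread describes for the cache items. */
static struct toy_entry *toy_search(struct toy_cache *c, unsigned id)
{
    for (struct toy_entry *e = c->head; e; e = e->next) {
        c->compares++;
        if (e->id == id)
            return e;
    }
    return NULL;
}

/* Pickup-style insert: 1 = added, 0 = duplicate dropped, -1 = out of memory. */
static int toy_pickup(struct toy_cache *c, unsigned id)
{
    if (!(c->flags & TOY_CACHE_NO_DUPCHECK) && toy_search(c, id))
        return 0;
    struct toy_entry *e = malloc(sizeof(*e));
    if (!e)
        return -1;
    e->id = id;
    e->next = NULL;
    if (c->tail) c->tail->next = e; else c->head = e;
    c->tail = e;
    return 1;
}

/* Insert n unique ids and return how many comparisons the inserts cost. */
static unsigned long toy_fill(unsigned flags, unsigned n)
{
    struct toy_cache c = { .flags = flags };
    for (unsigned i = 0; i < n; i++)
        toy_pickup(&c, i);
    unsigned long cmp = c.compares;
    while (c.head) { struct toy_entry *e = c.head; c.head = e->next; free(e); }
    return cmp;
}

int main(void)
{
    printf("dup check on : %lu compares\n", toy_fill(0, 2000));
    printf("dup check off: %lu compares\n", toy_fill(TOY_CACHE_NO_DUPCHECK, 2000));
    return 0;
}
```

With the check enabled, inserting n unique entries costs n(n-1)/2 comparisons because each insert walks the whole list; with the flag set the insert does no search at all, which is only safe for caches whose source never delivers duplicates.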


