• Paolo Abeni's avatar
    net: avoid a full fib lookup when rp_filter is disabled. · 6e617de8
    Paolo Abeni authored
    Since commit 1dced6a8 ("ipv4: Restore accept_local behaviour
    in fib_validate_source()") a full fib lookup is needed even if
    the rp_filter is disabled, if accept_local is false - which is
    the default.
    
    What we really need in the above scenario is just checking
    that the source IP address is not local, and in most case we
    can do that is a cheaper way looking up the ifaddr hash table.
    
    This commit adds a helper for such lookup, and uses it to
    validate the src address when rp_filter is disabled and no
    'local' routes are created by the user space in the relevant
    namespace.
    
    A new ipv4 netns flag is added to account for such routes.
    We need that to preserve the same behavior we had before this
    patch.
    
    It also drops the checks to bail early from __fib_validate_source,
    added by the commit 1dced6a8 ("ipv4: Restore accept_local
    behaviour in fib_validate_source()") they do not give any
    measurable performance improvement: if we do the lookup with are
    on a slower path.
    
    This improves UDP performances for unconnected sockets
    when rp_filter is disabled by 5% and also gives small but
    measurable performance improvement for TCP flood scenarios.
    
    v1 -> v2:
     - use the ifaddr lookup helper in __ip_dev_find(), as suggested
       by Eric
     - fall-back to full lookup if custom local routes are present
    Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    6e617de8
ipv4.h 3.82 KB