From: "Theo de Raadt" <deraadt@openbsd.org>
Subject: Re: cache route at pf state
To: Alexander Bluhm <bluhm@openbsd.org>, tech@openbsd.org
Date: Sat, 20 Jul 2024 11:57:11 -0600

Stuart Henderson <stu@spacehopper.org> wrote:

> On 2024/07/20 19:20, Alexander Bluhm wrote:
> > Hi,
> > 
> > When forwarding packets, rtable_match takes quite some time.
> > 
> > http://bluhm.genua.de/perform/results/2024-07-19T07:25:47Z/2024-07-19T00%3A00%3A00Z/btrace/ssh_perform%40lt13_iperf3_-6_-cfdd7%3Ae83e%3A66bc%3A0346%3A%3A36_-P10_-t10-btrace-kstack.0.svg?s=rtable_match
> > 
> > This can be avoided by caching the route at the pf state.
> 
> Is there some way to invalidate the cache if the route changes while the
> state is active?

Right.  We've been here before.  This is incompatible with dynamic routing.