From: Alexander Bluhm <bluhm@openbsd.org>
Subject: Re: cache route at pf state
To: tech@openbsd.org
Date: Sat, 20 Jul 2024 23:30:00 +0200

On Sat, Jul 20, 2024 at 11:57:11AM -0600, Theo de Raadt wrote:
> Stuart Henderson <stu@spacehopper.org> wrote:
> 
> > On 2024/07/20 19:20, Alexander Bluhm wrote:
> > > Hi,
> > > 
> > > When forwarding packets, rtable_match takes quite some time.
> > > 
> > > http://bluhm.genua.de/perform/results/2024-07-19T07:25:47Z/2024-07-19T00%3A00%3A00Z/btrace/ssh_perform%40lt13_iperf3_-6_-cfdd7%3Ae83e%3A66bc%3A0346%3A%3A36_-P10_-t10-btrace-kstack.0.svg?s=rtable_match
> > > 
> > > This can be avoided by caching the route at the pf state.
> > 
> > Is there some way to invalidate the cache if the route changes while the
> > state is active?
> 
> Right.  We've been here before.  This is incompatible with dynamic routing.

I have fixed dynamic routing before.  The generation number
rtgeneration invalidates the cache when routing table changes.

bluhm