From: Toke Høiland-Jørgensen
To: David Lang
Cc: Pete Heist, Jonathan Morton, cake@lists.bufferbloat.net
Subject: Re: [Cake] Pre-print of Cake paper available
Date: Wed, 25 Apr 2018 22:28:25 +0200
Message-ID: <87y3hb3uae.fsf@toke.dk>

David Lang writes:

> On Tue, 24 Apr 2018, Toke Høiland-Jørgensen wrote:
>
>> Pete Heist writes:
>>
>>>> On Apr 24, 2018, at 7:58 AM, Jonathan Morton wrote:
>>>>
>>>> Turning NAT support on by default might actually be reasonable, since
>>>> it doesn't really break anything if it's not needed - it just eats a
>>>> bit of CPU with unnecessary conntrack lookups.
>>>
>>> I would be for it, if it eats say < 1% additional CPU, and preferably
>>> less. I expect the impact to increase with packet rates.
>>
>> I'm a bit worried that the way it is implemented now, if we turn it on
>> by default we risk activating conntrack even when it was otherwise
>> disabled...
>
> I will say that just about every system ships with conntrack enabled, and
> disabling it can be pretty difficult (especially in LEDE/OpenWRT), there are so
> many things that require it that tracking them all down and disabling them is
> very difficult.
>
> There are not that many places where Cake is going to be used that NAT or some
> other thing that requires connection tracking is not also going to be used, in
> the remaining cases, can it be disabled manually in configs after it's been
> sucked in automatically?

Hmm, actually it looks like just compiling against the conntrack code
adds a module dependency on conntrack. And as far as I can tell, the
code doesn't initiate any new conntrack state if it doesn't already
exist. So I think it's safe to turn on NAT mode by default. Will add
that :)

-Toke