Received: by 2002:a05:6358:45e:b0:b5:b6eb:e1f9 with SMTP id 30csp288658rwe; Wed, 24 Aug 2022 23:30:51 -0700 (PDT) X-Google-Smtp-Source: AA6agR6G2WlEXpUUaVjl2r7GqLK7Vhde9MUcxe+1ixk0ixELOa5UP8FoiVeHSMgHtBTshLJZJxsk X-Received: by 2002:a17:902:e74d:b0:173:569:278b with SMTP id p13-20020a170902e74d00b001730569278bmr2400017plf.135.1661409051057; Wed, 24 Aug 2022 23:30:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1661409051; cv=none; d=google.com; s=arc-20160816; b=l/gq5kFCRtynUqUX+M2vTDIqwzHDBEz9Xo2HGdoFdi4hEn/EO/Md83hfZSo0ZtFP4B T00d/+oK1h806avFAYvuxq7EF1bFTPYQnZ3U9JPAPqyNqwrMGnCDH9bayAEQXO+PPrZV B5b57jIA1HWrx5yjWLafAnr907wAbUUqjghSqp3jPZSsdfHpta0JSEh9uO6YdVnTJZf2 AzPyq4YNiT14AOop4p+JbYOVBougVaX1wWf243GSK6JDFN7sdLRvGcuY0XbIrHj4BVq8 fJbqK7cAwBDczHFyj5IsWKYsG2g52kcrvZZ5un1ZRLLwGHQXbJ7hmdcAWZ1cN+iw84Fx K2Xg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:references:message-id:in-reply-to :subject:cc:to:from:date; bh=nkf2fpVYRJuOumKxEqjrEcCN7XDhf9k/wGLQqfvJPas=; b=R+OOwdsyLBr0QNRyp8RjRVd3kaGFMbcxn4QWsv8/nudsVVzDDaPH21xgac8blI7KFP QGKxDmZ4uceNQm9aBzJqMjm2pojc+I1J5A3/kC4S4kB03NKCFZqgIerBdpTfL6jVYJLB Mbp6C2LC4RVLBfij+JfMXAU237WzWcyhKgr7MpotbfFTZ5sqObFcoBpz+ZTMZQmUIoIq tWZmC8JEOwbMTEJE4p2boqCClirPB9QQYRn0BJOdN5q7ZSj36Vd/xR/4f6rfPefg2x4F OCKiXvOS2vO1OF17/UuZhR44r1pO6IufSNF2/q/J/cuy+BRr2gm1Gi3DZDayDjJJQMne QmJA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id o3-20020a639203000000b00427567b8438si12578693pgd.871.2022.08.24.23.30.39; Wed, 24 Aug 2022 23:30:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232271AbiHYFdF (ORCPT + 99 others); Thu, 25 Aug 2022 01:33:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53048 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230104AbiHYFdD (ORCPT ); Thu, 25 Aug 2022 01:33:03 -0400 Received: from mg.ssi.bg (mg.ssi.bg [193.238.174.37]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id BCF4C7822B; Wed, 24 Aug 2022 22:33:02 -0700 (PDT) Received: from mg.ssi.bg (localhost [127.0.0.1]) by mg.ssi.bg (Proxmox) with ESMTP id 7320528778; Thu, 25 Aug 2022 08:33:00 +0300 (EEST) Received: from ink.ssi.bg (unknown [193.238.174.40]) by mg.ssi.bg (Proxmox) with ESMTP id 525492888D; Thu, 25 Aug 2022 08:32:59 +0300 (EEST) Received: from ja.ssi.bg (unknown [178.16.129.10]) by ink.ssi.bg (Postfix) with ESMTPS id EBB493C07D1; Thu, 25 Aug 2022 08:32:52 +0300 (EEST) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by ja.ssi.bg (8.17.1/8.16.1) with ESMTP id 27P5WpCj010719; Thu, 25 Aug 2022 08:32:52 +0300 Date: Thu, 25 Aug 2022 08:32:51 +0300 (EEST) From: Julian Anastasov To: "longguang.yue" cc: horms@verge.net.au, kadlec@netfilter.org, fw@strlen.de, pablo@netfilter.org, lvs-devel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re:Re: [PATCH] ipvs: add a sysctl switch to control ipvs to bypass OUTPUT chain or not In-Reply-To: <31196e83.2cbe.182d3693f03.Coremail.bigclouds@163.com> Message-ID: References: <20220819100702.14889-1-bigclouds@163.com> <495ceee5-f8dc-06e-d1ef-258d1889c7b8@ssi.bg> <31196e83.2cbe.182d3693f03.Coremail.bigclouds@163.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="-1463811672-110765213-1661405572=:5176" X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. ---1463811672-110765213-1661405572=:5176 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT Hello, On Thu, 25 Aug 2022, longguang.yue wrote: > I see.  > I hope we could find a maintainable and decoupled way to keep ipvs high performance. > especially for kubernetes environment, there are from dozens up to one hundred rules in OUTPUT chain. May be some rules can help the bunch of rules to be applied only for first packet, not for every packet in connection, such as: iptables -t filter -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -t filter -A OUTPUT -m ipvs --ipvs -j ACCEPT Regards -- Julian Anastasov ---1463811672-110765213-1661405572=:5176--