On Tue, 2017-01-24 at 16:04 +0100, Paolo Abeni wrote: > Double checking to see if I understood the above correctly: do you > suggest to call nf_reset() from the affected drivers's > ndo_features_check(), eventually adding such ndo if needed ? > > I think calling nf_reset() in the common code should be better: the > conntrack entry is hot in the cache and we may want to clear it early > for as many devices as possible.
This would add a conditional test, which will be not correctly predicted by CPU in tunnel or bonding/team very common cases. While doing it in an affected driver would not penalize fast path. A little bit harder sure, but performance matters ;)
