David Lang <da...@lang.hm> writes:

> On Tue, 24 Apr 2018, Toke Høiland-Jørgensen wrote:
>
>> Pete Heist <p...@eventide.io> writes:
>>
>>>> On Apr 24, 2018, at 7:58 AM, Jonathan Morton <chromati...@gmail.com> wrote:
>>>>
>>>> Turning NAT support on by default might actually be reasonable, since
>>>> it doesn't really break anything if it's not needed - it just eats a
>>>> bit of CPU with unnecessary conntrack lookups.
>>>
>>> I would be for it, if it eats say < 1% additional CPU, and preferably
>>> less. I expect the impact to increase with packet rates.
>>
>> I'm a bit worried that the way it is implemented now, if we turn it on
>> by default we risk activating conntrack even when it was otherwise
>> disabled...
>
> I will say that just about every system ships with conntrack enabled, and
> disabling it can be pretty difficult (especially in LEDE/OpenWRT), there are so
> many things that require it that tracking them all down and disabling them is
> very difficult.
>
> There are not that many places where Cake is going to be used that NAT or some
> other thing that requires connection tracking is not also going to be used, in
> the remaining cases, can it be disabled manually in configs after it's been
> sucked in automatically?

Hmm, actually it looks like just compiling against the conntrack code
adds a module dependency on conntrack. And as far as I can tell, the
code doesn't initiate any new conntrack state if it doesn't already
exist. So I think it's safe to turn on NAT mode by default. Will add
that :)

-Toke

_______________________________________________
Cake mailing list
Cake@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/cake