Patrick presents work that aims to get rid of the second tuple in connection tracking. This second tuple is only necessary when NAT is used. The idea is not new, but at the time the ct-extensions were not available, so it was not possible to add the tuple only when needed. Patrick has done most of the work, but one point is still missing: the hash function. It has to be symmetrical:
hash_func(src, dst) = hash_func(dst, src)
and it must be very fast to avoid slowing down conntrack. Once this point is fixed, it will be possible to get rid of the second tuple for all non-NATed connection tracking entries.
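
One way to get the symmetry required above, as an added example (not Patrick's code or the kernel's): put the two endpoints in a canonical order before mixing, so both directions of a flow hash to the same value. The `struct endpoint` type, the `sym_hash` and helper names, the IPv4-only layout and the `seed` parameter are assumptions made for this illustration.

```c
#include <stdint.h>

/* One side of a connection, IPv4 only for brevity (hypothetical type). */
struct endpoint {
    uint32_t addr;
    uint16_t port;
};

/* MurmurHash3 32-bit finalizer: a cheap, bijective avalanche step. */
static uint32_t mix32(uint32_t h)
{
    h ^= h >> 16;
    h *= 0x85ebca6bU;
    h ^= h >> 13;
    h *= 0xc2b2ae35U;
    h ^= h >> 16;
    return h;
}

/* Total order on endpoints, used to pick a canonical (lo, hi) pair. */
static int ep_less(const struct endpoint *a, const struct endpoint *b)
{
    if (a->addr != b->addr)
        return a->addr < b->addr;
    return a->port < b->port;
}

/*
 * Symmetric tuple hash: sym_hash(src, dst) == sym_hash(dst, src).
 * A plain src ^ dst would also be symmetric, but every pair with the
 * same XOR would collide; sorting first keeps both values in the mix.
 * seed: assumed per-boot random value, so bucket placement is not
 * predictable from packet contents alone.
 */
uint32_t sym_hash(const struct endpoint *src, const struct endpoint *dst,
                  uint8_t proto, uint32_t seed)
{
    const struct endpoint *lo = ep_less(src, dst) ? src : dst;
    const struct endpoint *hi = (lo == src) ? dst : src;
    uint32_t h = seed;

    h = mix32(h ^ lo->addr);
    h = mix32(h ^ hi->addr);
    h = mix32(h ^ (((uint32_t)lo->port << 16) | hi->port));
    return mix32(h ^ proto);
}
```

The cost over a one-directional hash is a single comparison and pointer swap, which is what keeps this approach compatible with the speed requirement.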