On Wed, 28 Feb 2007 17:28:09 -0800 Ben Greear <greearb@xxxxxxxxxxxxxxx> wrote: > Stephen Hemminger wrote: > > I was measuring bridging/routing performance and noticed this. > > > > The current code runs the "all packet" type handlers before calling > > the bridge hook. If an application (like some DHCP clients) is > > using AF_PACKET, this means that each received packet gets run > > through the Berkeley Packet Filter code in sk_run_filter (slow). > > > > By moving the bridging hook to run first, the packets flowing > > through the bridge get filtered out there. This results in a 14% > > improvement in performance, but it does mean that some snooping > > applications would miss packets if being used on a bridge. The > > correct way to see all packets on a bridge is to set the bridge > > pseudo-device to promiscuous mode. > > Seems it would be better to fix these clients to be more selective as > to where they bind. The problem is any use of BPF is a lose, if it has to be done to all traffic. > This breaks the case where you want to see packets on a particular > interface, not just the entire bridge, right? It might be possible to use promisc counter to handle this. _______________________________________________ Bridge mailing list Bridge@xxxxxxxxxxxxxx https://lists.osdl.org/mailman/listinfo/bridge
