Dear Everyone, OK, I will send you the patch soon. I have though that a loadable module should be much better than kernel patch, because you don't need to compile and rebuild the kernel. The packet re-ordering can be avoided by hash CPU based on a simple and quick formula cpu = iph->saddr + iph->daddr + skb->h.th->source + skb->h.th->dest. (for TCP). so you can see, one TCP connection is always dispatched to one cpu. This is a CONNTRACK similar issue, but we don't need that complicated as connection tracking, a simple hash should be enough. As I said in previous email, we have not considered reordering issue for other protocols , such as UDP(snat), GRE, etc. The key is to to hash a cpu(0 to nr_cpus) based on packet. it should be simple and quick hash. John Ye ----- Original Message ----- From: "Jan Engelhardt" <jengelh@xxxxxxxxxxxxxxx> To: "John Ye" <johny@xxxxxxxxxxxxx> Cc: <netfilter-devel@xxxxxxxxxxxxxxx>; "YE QY" <iceburgue@xxxxxxxxx> Sent: Friday, September 28, 2007 9:52 PM Subject: Re: remarkably Increase iptables' speed on SMP system. On Sep 28 2007 10:15, John Ye wrote: > >It can be viewed and downloaded from blog http://blog.chinaunix.net/u/12848/showart.php?id=389602 >You are welcome to review and test without patching and re-compiling the kerenl. Well, send a patch. I have no idea what to make out of that single file, which obviously even has some code that does not look nice. - To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
