On Friday 2008-04-11 15:01, Thomas Mader wrote: > > I have two programs with a similar task. One is implemented as a kernelspace > module and the other as a userspace daemon using libnetfilter_queue. > Bot work with the same algorithm and inspect udp packets, send icmp packets on > special events and receive icmp replys. > I did a throughput test for both the following way: > > On my laptop I start the module/daemon and start a netperf udp stream from my > laptop to a server on LAN. The module/daemon inspect the udp stream and does > it's work. When the test is over, netperf shows me the throughput which came > through to the server. > Without any module/daemon running I get ~95mbit/s for my 100mbit LAN. > The funny thing though is, that I get ~85mbit/s with my kernelspace module but > ~90mbit/s with my userspace daemon. > > I thought about explanations for this but I don't come to reasonable > explanations for this behaviour. Shouldn't the kernelspace module be faster? > Why is it slower? You are using a raw socket in userspace, which effectively bypasses Netfilter. To make a meaningful test of it, the PF_RAW code would need an NF_HOOK into iptables to make a more accurate comparison I think. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
