Jan Engelhardt wrote:
You are using a raw socket in userspace, which effectively bypasses Netfilter. To make a meaningful test of it, the PF_RAW code would need an NF_HOOK into iptables to make a more accurate comparison I think.
I don't understand what you mean since I also have a raw socket in kernelspace. Is it because I use kernel_sendmsg to send the icmp packet in kernelspace? I cannot believe that I get a ~5mbit/s decrease in throughput only because the sent icmp packets go through my module in kernelspace but not in userspace.
Nevertheless I removed the icmp send stuff from both and tested again. Now I get 95.60mbit/s for kernelspace and 95.69mbit/s for userspace. I think I can conclude that there is no drawback in throughput performance by using the userspace daemon, though the reason for it is still unknown.
-- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
