Hi, I am using libnetfilter-queue on a router running Ubuntu 10.10 with 2.6.35-28-generic. The problem I am having is that I am experiencing a very significant throughput slowdown whenever my NFQUEUE program is running. This happens even when I use bare bone libnetfilter-queue program that immediately issues an ACCEPT verdict as soon as it receives a packet. Whenever this program is running, my max throughput is cut in half, and the reason it happens is because nf_queue overflows (nf_queue: full at 1024 entries, dropping packets(s)), and I notice my CPU utilization is 100%. However, when my program is not running and I am not passing packets through NFQUEUE and the router routes packets as normal, I get full throughput with only 0.1% CPU utilization. I find this a bit strange, can the netfilter queue processing take the cpu from 0.1% to 100% and start dropping packets even with no other processing than setting immediately setting the verdict? We have two of these machines, with identical hardware and OS, and they experience the same behavior. I am also confused as we have been using these machines previously and been able to obtain full throughput with our netfilter program. Does anyone have a clue here, or suggest what I should look into in order to speed things up. Thanks, Anders -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
