On 29/06/11 11:17, Anders Nilsson Plymoth wrote: > Hi, > > I am using libnetfilter-queue on a router running Ubuntu 10.10 with > 2.6.35-28-generic. The problem I am having is that I am experiencing a > very significant throughput slowdown whenever my NFQUEUE program is > running. This happens even when I use bare bone libnetfilter-queue > program that immediately issues an ACCEPT verdict as soon as it > receives a packet. Whenever this program is running, my max throughput > is cut in half, and the reason it happens is because nf_queue > overflows (nf_queue: full at 1024 entries, dropping packets(s)), and I > notice my CPU utilization is 100%. However, when my program is not > running and I am not passing packets through NFQUEUE and the router > routes packets as normal, I get full throughput with only 0.1% CPU > utilization. > > I find this a bit strange, can the netfilter queue processing take the > cpu from 0.1% to 100% and start dropping packets even with no other > processing than setting immediately setting the verdict? We have two > of these machines, with identical hardware and OS, and they experience > the same behavior. > I am also confused as we have been using these machines previously and > been able to obtain full throughput with our netfilter program. > > Does anyone have a clue here, or suggest what I should look into in > order to speed things up. Did you have a look at the suggestion available in the documentation: http://www.netfilter.org/projects/libnetfilter_queue/doxygen/ See Performance. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
