Patrick McHardy <kaber@xxxxxxxxx> wrote:
> On 10.06.2011 00:14, Florian Westphal wrote:
> > Introduces a new nfnetlink type that applies a given
> > verdict to all queued packets with an id <= the id in the verdict
> > message.
> >
> > If a mark is provided it is applied to all matched packets.
> >
> > This reduces the number of verdicts that have to be sent.
> > Applications that make use of this feature need to maintain
> > a timeout to send a batchverdict periodically to avoid starvation.
>
> Thanks Florian. Do you have any throughput numbers with this patch?

I re-ran some tests via lo, with Eric Dumazet's "netfilter: nfqueue: assert monotonic packet ids" patch applied on top of a 2.6.39.2 kernel.

With "one accept per packet", the test program needs about two minutes to process 10000000 1024-byte UDP packets sent via lo (queueing via -t mangle -I INPUT -i lo -p udp -m udp --dport 6666 -j NFQUEUE --queue-num 0 ; no other queueing rules active).

When sending batch accept verdicts for every tenth packet received, run time was reduced to about 72 seconds.

I ran this several times and the results were similar. Just to be sure I also tried with Eric's RCU patch applied, but I did not see any changes (not surprising because nfnl_mutex should not cause contention in the "single queue" case).

If anyone else wants to do some tests or verify these results, I've put the test program and a patch for libnetfilter_queue here: http://strlen.de/nfqueue/

Some earlier tests (which I cannot reproduce at the moment because the setup no longer exists) showed throughput increases from ~800 mbit to about 1050 mbit, also using UDP frames (but via 10G Ethernet instead of lo; this was with a 2.6.32.y based kernel).
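The batching policy discussed in this message (accept every tenth packet with one verdict, plus a timeout against starvation), as an added example that is not code from the patch or from the test program linked above. It does no netlink I/O: `struct batcher`, `send_verdict`, `flush`, `on_packet` and `on_timer` are hypothetical names, and flushing pending accepts before answering a non-accept packet on its own is an assumption of this sketch, chosen so that a batch verdict never covers an id it was not meant for.

```c
#include <stdint.h>
#include <stdio.h>
enum { V_DROP = 0, V_ACCEPT = 1 };      /* same values as NF_DROP / NF_ACCEPT */
struct batcher {                        /* hypothetical userspace state */
    uint32_t last_id;                   /* highest id waiting for a batch accept */
    int pending, max_batch;             /* packets waiting / flush threshold */
    uint64_t first_ms, timeout_ms;      /* arrival of oldest waiting packet / limit */
    int msgs;                           /* verdict messages sent so far */
};

/* Stand-in for the netlink send: only counts and logs the message. */
static void send_verdict(struct batcher *b, const char *kind, uint32_t id, int v) {
    b->msgs++;
    printf("%-6s id=%u verdict=%d\n", kind, (unsigned)id, v);
}

/* One batch accept covers every still-queued packet with id <= last_id. */
static void flush(struct batcher *b) {
    if (b->pending) send_verdict(b, "batch", b->last_id, V_ACCEPT);
    b->pending = 0;
}

/* Per-packet hook; ids are assumed to arrive in increasing order. */
static void on_packet(struct batcher *b, uint32_t id, int v, uint64_t now_ms) {
    if (v != V_ACCEPT) {                /* settle earlier accepts first, then */
        flush(b);                       /* answer this id on its own */
        send_verdict(b, "single", id, v);
        return;
    }
    if (b->pending++ == 0) b->first_ms = now_ms;
    b->last_id = id;
    if (b->pending >= b->max_batch)
        flush(b);
}

/* Timer hook: packets held back for a batch must not wait indefinitely. */
static void on_timer(struct batcher *b, uint64_t now_ms) {
    if (b->pending && now_ms - b->first_ms >= b->timeout_ms)
        flush(b);
}

int main(void) {
    struct batcher b = { .max_batch = 10, .timeout_ms = 50 };
    for (uint32_t id = 1; id <= 13; id++) on_packet(&b, id, V_ACCEPT, 0);
    on_packet(&b, 14, V_DROP, 1);           /* batch <= 13, then single 14 */
    on_packet(&b, 15, V_ACCEPT, 5);
    on_timer(&b, 60);                       /* 15 is 55 ms old: flush */
    return b.msgs == 4 ? 0 : 1;
}
```

In the constructed run in `main`, fifteen packets are answered with four verdict messages instead of fifteen.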