On 07.07.2011 15:45, Florian Westphal wrote:
> Patrick McHardy <kaber@xxxxxxxxx> wrote:
>> On 10.06.2011 00:14, Florian Westphal wrote:
>>> Introduces a new nfnetlink type that applies a given
>>> verdict to all queued packets with an id <= the id in the verdict
>>> message.
>>>
>>> If a mark is provided it is applied to all matched packets.
>>>
>>> This reduces the number of verdicts that have to be sent.
>>> Applications that make use of this feature need to maintain
>>> a timeout to send a batchverdict periodically to avoid starvation.
>>
>> Thanks Florian. Do you have any throughput numbers with this patch?
>
> I re-ran some tests via lo, with Eric Dumazet's
> "netfilter: nfqueue: assert monotonic packet ids" patch applied on top of
> a 2.6.39.2 kernel.
>
> With "one accept per packet", the test program needs
> about two minutes to process 10000000 1024-Byte udp packets
> sent via lo (queueing via
> -t mangle -I INPUT -i lo -p udp -m udp --dport 6666 -j NFQUEUE --queue-num 0
> ; no other queueing rules active)
>
> When sending batch accept verdicts for every tenth packet received,
> run time was reduced to about 72 seconds.
>
> I ran this several times and the results were similar.

Thanks, that sounds pretty promising.

> Just to be sure I also tried with Eric's RCU patch applied but I
> did not see any changes (not surprising because nfnl_mutex should
> not cause contention in the "single queue" case).

I'll have another look at this patch later. As I wrote, I'm unsure
whether we want to do a full move to RCU because of ctnetlink, but
the optional RCU callbacks seem fine for now.
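
The batching policy the patch description asks applications to implement, as an added example that is not part of this thread or of the patch: a self-contained C model (no netlink involved) of a count-or-timeout batcher and of the "id <= verdict id" rule. All names, the 1 ms packet spacing and the 50 ms timeout are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* Userspace batching state; all names are assumptions for illustration. */
struct batcher {
    uint32_t last_id;                 /* highest packet id received so far */
    unsigned pending;                 /* packets since the last batch verdict */
    unsigned batch_size;              /* send a batch verdict after this many */
    uint64_t timeout_ms, deadline_ms; /* max wait; deadline of oldest pending */
};
struct result { unsigned sent, left; }; /* verdict messages sent, packets still queued */

/* Record a packet; true means "send a batch verdict for last_id now". */
static bool batcher_on_packet(struct batcher *b, uint32_t id, uint64_t now_ms) {
    if (b->pending == 0)
        b->deadline_ms = now_ms + b->timeout_ms;
    b->last_id = id;
    return ++b->pending >= b->batch_size;
}

/* Timer path: without it a trailing partial batch stays queued (starvation). */
static bool batcher_timed_out(const struct batcher *b, uint64_t now_ms) {
    return b->pending > 0 && now_ms >= b->deadline_ms;
}

/* Queue-side model: release every queued id <= max_id (ids assumed not to wrap). */
static void apply_batch(uint32_t *q, unsigned *n, uint32_t max_id) {
    unsigned kept = 0;
    for (unsigned i = 0; i < *n; i++)
        if (q[i] > max_id) q[kept++] = q[i];
    *n = kept;
}

/* Feed npkts constructed packets 1 ms apart, then optionally fire the timer once. */
struct result simulate(unsigned npkts, unsigned batch_size, bool timer) {
    struct batcher b = { .batch_size = batch_size, .timeout_ms = 50 };
    uint32_t q[64];
    unsigned n = 0, sent = 0;
    for (uint32_t id = 1; id <= npkts && n < 64; id++) {
        q[n++] = id;
        if (batcher_on_packet(&b, id, id)) {
            apply_batch(q, &n, b.last_id); b.pending = 0; sent++;
        }
    }
    if (timer && batcher_timed_out(&b, (uint64_t)npkts + 50)) {
        apply_batch(q, &n, b.last_id); b.pending = 0; sent++;
    }
    return (struct result){ sent, n };
}
```

With 25 packets and a batch size of 10, the model sends 3 verdict messages instead of 25; with the timer disabled, the last 5 packets never receive a verdict.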