tingwei liu <tingw.liu@xxxxxxxxx> wrote:
> In the past few days, I have been puzzled by NFQUEUE in bridge mode.
> I have done some tests with five kernels.
> 2.6.24.4
> 2.6.36.4
> 2.6.38
> 3.0.8
> 3.1.10
>
> The result is: 2.6.24.4, 2.6.26.4, 2.6.38 have good performance;
> 3.0.8 and 3.1.10 have poor performance.
> Next is a copy from the suricata mailing list ( eric@xxxxxxxxx )
>
> I'm having a look at it. There have been some changes between the two
> kernel versions (bringing more performance) but it seems there are some
> side effects with bridge.

Might be the 'gro+nfqueue eats MAC header' problem, you could try
commit a8db7b2d197a0d624baab83f0c810b0edbc4ffd0
(netfilter: nf_queue: fix queueing of bridged gro skbs).

Or, disable gro on all bridge ports via
ethtool -K $device gro off

If it's not gro related, please provide more information
about your machine, setup, ... etc.
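
Added example, not part of the original message: a shell sketch of the "disable gro on all bridge ports" workaround that lists a bridge's ports from sysfs and runs the `ethtool -K` command from the reply on each one. The function names, the `SYSFS_ROOT` override and the `--apply` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: disable GRO on every port of a Linux bridge.
# SYSFS_ROOT is overridable so the port enumeration can be exercised
# against a constructed directory tree instead of the live /sys.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"

# Print one port name per line for the given bridge (e.g. br0).
# The kernel exposes each enslaved interface as an entry under brif/.
bridge_ports() {
    brif="$SYSFS_ROOT/class/net/$1/brif"
    [ -d "$brif" ] || { echo "not a bridge: $1" >&2; return 1; }
    for entry in "$brif"/*; do
        # An empty brif/ leaves the glob unexpanded; skip that case.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        basename "$entry"
    done
}

# Print the ethtool commands that would be run, one per port.
gro_off_cmds() {
    ports=$(bridge_ports "$1") || return 1
    for port in $ports; do
        echo "ethtool -K $port gro off"
    done
}

# Run the commands (needs root), then show the resulting GRO state.
disable_gro_on_bridge() {
    ports=$(bridge_ports "$1") || return 1
    for port in $ports; do
        ethtool -K "$port" gro off || return 1
        ethtool -k "$port" | grep '^generic-receive-offload:'
    done
}

# Usage: script.sh --apply br0   (without --apply nothing is changed)
if [ "${1:-}" = "--apply" ]; then
    disable_gro_on_bridge "${2:?bridge name required}"
fi
```

The setting does not persist across reboots or interface re-creation, so it has to be reapplied from the distribution's network configuration if the workaround is kept.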