On Wed, Mar 7, 2012 at 5:23 AM, Florian Westphal <fw@xxxxxxxxx> wrote: > tingwei liu <tingw.liu@xxxxxxxxx> wrote: >> In the past few days, I have puzzled by NFQUEUE in bridge mode. >> I have take some test with five kernels. >> 2.6.24.4 >> 2.6.36.4 >> 2.6.38 >> 3.0.8 >> 3.1.10 >> >> The result is : 2.6.24.4,2.6.26.4,2.6.38 have a goog performance; >> 3.0.8 and 3.1.10 have a poor performance. >> Next is copy from suricata maillist( eric@xxxxxxxxx ) >> >> I'm having a look at it. There has been some changes between the two >> kernel versions (bringing more performances) but it seems there is some >> side effects with bridge. > > Might be the 'gro+nfqueue eats MAC header' problem, you could try > commit a8db7b2d197a0d624baab83f0c810b0edbc4ffd0 (netfilter: nf_queue: fix > queueing of bridged gro skbs). Or, disable gro on all bridge ports via > ethtool -K $device gro off > I have test it.You are right.Now it is time to learn why the gro effects it. Thanks very much. > If its not gro related, please provide more information about your > machine, setup, ... etc. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
