Eric Dumazet <eric.dumazet@xxxxxxxxx> wrote: > From: Eric Dumazet <edumazet@xxxxxxxxxx> > > nfqnl_build_packet_message() actually copy the packet > inside the netlink message, while it can instead use > zero copy. > > Make sure the skb 'copy' is the last component of the > cooked netlink message, as we cant add anything after it. > > Patch cooked in Copenhagen at Netfilter Workshop ;) This is awesome. Was there a consensus wrt. mmap'd netlink vs. your patch? [ I ask because both get rid of one skb data copy ] > Still to be addressed in separate patches : > > -GRO/GSO packets are segmented in nf_queue() > and checksummed in nfqnl_build_packet_message(). > Proper support for GSO/GRO packets (no segmentation, > and no checksumming) needs application cooperation, if we > want no regressions. Since ipqueue is gone we might be able to push the segmentation down to nfnetlink_queue. Then new userspace applications could indicate a 'I won't verify checksums and will handle huge packets'. Are you working on something like this? -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
