On Thu, Apr 30, 2015 at 12:12:04PM +0200, Pablo Neira Ayuso wrote: > > These are the numbers I got banging *one single CPU*: > > * Without patches + qdisc ingress: > > Result: OK: 16298126(c16298125+d0) usec, 10000000 (60byte,0frags) > 613567pps 294Mb/sec (294512160bps) errors: 10000000 > > * With patches + qdisc ingress on top of hooks: > > Result: OK: 18339281(c18339280+d0) usec, 10000000 (60byte,0frags) > 545277pps 261Mb/sec (261732960bps) errors: 10000000 > > * With patches + nftables ingress chain: > > Result: OK: 17118167(c17118167+d0) usec, 10000000 (60byte,0frags) > > 584174pps 280Mb/sec (280403520bps) errors: 10000000 So in other words you're saying: tc has to live with 12% slowdown (613k / 545k) only because _you_ want one hook for both nft and tc ?! The numbers from my box are 22.4 Mpps vs 18 Mpps which is 24% slowdown for TC due to nf_hook. Notice I'm seeing _millions_ packet per second processed by netif_receive_skb->ingress_qdisc->u32 whereas you're talking about _thousands_. Even if your box is very old, it still doesn't explain this huge difference. Please post 'perf report' numbers, so we can help analyze what is actually being measured. I bet netif_receive_skb is not even in top 10. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
