On 04/30/2015 06:36 PM, Pablo Neira Ayuso wrote: ...
But where are the barriers? These unfounded performance claims are simply absurd, qdisc ingress barely performs a bit better just because it executes a bit less code and only in the single CPU scenario with no rules at all.
I think we're going in circles a bit. :(

You are right in saying that currently, there's a central spinlock, which is worked on to get rid of, you've seen the patch on the list floating around already.

Single CPU, artificial micro-benchmarks, which were done, show that you see on your machine ~613Kpps to ~545Kpps, others have seen it more amplified as 22.4Mpps to 18.0Mpps drop from __netif_receive_skb_core() up to an empty dummy u32_classify() rule, which has already been acknowledged that this gap needs to be improved. Let's call it unfounded then.

I think we wouldn't even have this discussion if we wouldn't try brute forcing both worlds behind this single static key, or, have both invoked from within the same layer/list.

Cheers,
Daniel