Hi All, I have noticed the commit below in the kernel 4.7 change logs. https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3d051477cf94e9d71d6acadb8a90de15237b9c1 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8804b2722dc5d6f9b7ba0a9e812eae9ee5ce95bc Then, I think that this commit might increase SYNPROXY performance of kernel too and updated my kernel from 3.15.9 to 4.10. But I didn't notice any significant change on received pps with netfilter/SYNPROXY module. I wanted to ask you what may be the reason of that. The commit message says that the task test result would have approximately %100 increase. Could you give more details about the reflection of this commit to SYNPROXY module on performance perspective. If this commit not affect SYNPROXY module, I want to take your opinions about is there a way to increase SYNPROXY performace with some changes which are adopted from the commit linked above on SYNPROXY internals. CPU and nic info I used is below: Intel(R) Xeon(R) CPU E5645 @ 2.40GHz 82599ES 10-Gigabit SFI/SFP+ Network Connection and iptables rules -t raw -A PREROUTING -p tcp -m physdev --physdev-in enp7s0f0 -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j NOTRACK -t filter -A FORWARD -p tcp -m physdev --physdev-in enp7s0f0 -m state --state INVALID,UNTRACKED -j SYNPROXY --sack-perm --timestamp --wscale 7 --mss 1480 Thanks for your kind replies. Best regards, Tugrul -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
