On Sat, Aug 11, 2018 at 10:54:21PM +0300, Oleg wrote: > On Sat, Aug 11, 2018 at 12:15:26PM +0200, Pablo Neira Ayuso wrote: > > We used to have mmap for nfq but that was removed because there was no > > performance gain from it. > > Interesting. I didn't know about it. Was that a work without > kernelspace to userspace copying? > > > I think it's unlikely we'll see this infra > > again in place. Moreover, there's already a number of mechanism in > > place for nfq that were providing similar numbers. > > What mechanisms for example? See Performance in https://netfilter.org/projects/libnetfilter_queue/doxygen/html/ F_GSO flag is not documented though, so we pass big GSO packets to userspace. There is also skb_zerocopy() already upstream in nfnetlink_queue.c
