On Tue, Sep 24, 2024 at 3:33 PM Stephen Hemminger <stephen@xxxxxxxxxxxxxxxxxx> wrote: > > On Tue, 24 Sep 2024 17:09:06 +0800 > yushengjin <yushengjin@xxxxxxxxxxxxx> wrote: > > > When conducting WRK testing, the CPU usage rate of the testing machine was > > 100%. forwarding through a bridge, if the network load is too high, it may > > cause abnormal load on the ebt_do_table of the kernel ebtable module, leading > > to excessive soft interrupts and sometimes even directly causing CPU soft > > deadlocks. > > > > After analysis, it was found that the code of ebtables had not been optimized > > for a long time, and the read-write locks inside still existed. However, other > > arp/ip/ip6 tables had already been optimized a lot, and performance bottlenecks > > in read-write locks had been discovered a long time ago. > > > > Ref link: https://lore.kernel.org/lkml/20090428092411.5331c4a1@nehalam/ > > > > So I referred to arp/ip/ip6 modification methods to optimize the read-write > > lock in ebtables.c. > > What about doing RCU instead, faster and safer. Safer ? How so ? Stephen, we have used this stuff already in other netfilter components since 2011 No performance issue at all. Honestly, this old link ( https://lore.kernel.org/lkml/20090428092411.5331c4a1@nehalam/ ) is quite confusing, please yushengjin do not include it next time, or we will get outdated feedback. Instead, point to the real useful commit : commit 7f5c6d4f665bb57a19a34ce1fb16cc708c04f219 netfilter: get rid of atomic ops in fast path This is the useful commit, because this ebtable patch simply adopts the solution already used in iptables. And please compile your patch, and boot it, test it before sending it again.
