(Oops; originally posted onto wrong list.) I have a single OUTPUT rule (drop a particular UDP host:port) that eats up a whole CPU core and a half (I have 8 cores total). It is the only rule I have. It doesn't matter whether I do it in the raw table or the filter table. This is when I'm just about maxing out 5 gigabit NICs (outgoing traffic only). The rule matches nearly all of the packets. Is there any way to reduce the load, or at least spread it out over all CPUs? My 8 cores are all at about 30% usage when I have no rules defined (and the packets are going out to the switch). When I add that rule, one of the cores shoots to 100%, another to 70% or so. The rest don't really change. I'm trying to figure out how to accomplish the same thing with a blackhole route for comparison's sake, but I can't get it to work -- the packets are still going out. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
