Re: about the performance of netfilter

From: Harald Welte (laforge@gnumonks.org)
Date: Thu Jul 25 2002 - 02:28:11 EST

On Wed, Jul 24, 2002 at 09:24:56PM +0800, zhengchuanbo wrote:
>
> we use a linux router. i just tested the performance of the router. when the
> kernel is build without netfilter support,the throughput of 64bytes frame is
> about 45%. when i build the kernel with netfilter (only the ip_filter
> module),the throughput dropped to 24%, without any rules.

I assume you are talking about the iptable_filter module?

The loss from 45 to 25 percent sounds reasonable. You add computational
overhead to the codepath for every packet.

That initially you only achieve 45% (of what input packet rate?) indicates that
your system is in severe need of tuning.

Please look through the mailinglist archives to find out about NAPI and
related work.

> zhengcb@netpower.com.cn 

-- 
Live long and prosper
- Harald Welte / laforge@gnumonks.org               http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+ 
V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

This archive was generated by hypermail 2b29 : Tue Jul 30 2002 - 14:00:21 EST