Can I reduce CPU use of conntrack/masq?

[Steve Snyder]

Hello.

I am working on what amounts to a Ethernet to Ultra-Wide Band (UWB) 
converter box.  Packets are simply routed from 1 interface to 
another.

This box is based on an ARM7TDMI CPU, running Linux 2.4.26, and the 
network throughput of the box is CPU-limited.  How limited?  The 
100Mbps/FD Ethernet can do no better than 35Mbps.

I've discovered that I can improve Ethernet throughput by about %20 by 
removing the the conntrack/masq support from the kernel.  The removal 
is good only as a test, though, since I need this functionality to 
move the packets between interfaces.  

This is the relevant config:

CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y

Enabled at boot time like this:

/sbin/iptables -t nat -A POSTROUTING -o uwb0 -j MASQUERADE
echo "1" > /proc/sys/net/ipv4/ip_forward

I wonder if I can improve conntrack/masq performance at the expense of 
flexibility.  This will be a closed system, with simple and static 
routing.  Are there any trade-offs I can make to sacrifice unneeded 
flexibility in routing for reduced CPU utilization in conntrack/masq?

Thanks.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/