From: jamal <hadi@cyberus.ca>
To: Denys Fedoryschenko <denys@visp.net.lb>
Cc: netdev@vger.kernel.org
Subject: Re: kernel mode pppoe ppp if + ifb + mirred redirect, ethernet packets in ifb?!
Date: Tue, 13 Oct 2009 08:21:17 -0400 [thread overview]
Message-ID: <1255436477.6305.2.camel@dogo.mojatatu.com> (raw)
In-Reply-To: <200910130144.04910.denys@visp.net.lb>
On Tue, 2009-10-13 at 01:44 +0300, Denys Fedoryschenko wrote:
> It kills me :-) Each new version it doesn't work and i notice, i'm almost one
> who use it :-) Probably i should wait till netfilter API and iptables
> conversion will stabilize somehow.
>
I am a little frustrated - but yeah, waiting may help. I tend to do a
lot of private support to fix integration with iptables problems, so you
are not the only user ;->. I wish one distro gets it right.
The most hopeful seems to be debian.
> Plus skbedit in some cases will be faster, if i eliminate iptables, unloading
> modules even, basic filtering can be done by iproute2 too, i won't have
> netfilter locks that make things slow on SMP (at least what i heard here and
> what oprofile shows, that MARK was small CPU hog to compare with skbedit).
>
Makes sense.
> I am happily running 2k pppoe users on Quad Core CPU/on supercheap r8169
> (better nic not available here) with skbedit and flow classifier. It can do
> more even, i think.
I bet pppd in user space is probably your biggest problem in terms of
performance.
> After switching to skbedit things improve a lot (before 1k users was near max)
>
Not using netfilter will improve your numbers. So can skbedit do fwmark
as well?
> I can test even, even if he won't.
> As i understand, for pppoe case, he can just skip offset for ethernet and
> pppoe header, and he can filter by ip, or not?
> Current way is maybe better, cause someone who want to count everything with
> ethernet and pppoe headers - can, and who want without - also can (by setting
> offset , just a bit more difficult.
>
> Like
> /sbin/tc filter add dev eth1 protocol 0x8864 parent 2:0 prio 1 u32 \
> match u32 0x$IPREMOTE_HEX 0xffffffff at 24 flowid 2:$ID
> (found in LARTC)
yes, something like that.
It may be easier to tcpdump -x on both pppoe and ifb and see how the
packets look like at what offset. If that doesnt work well, I will work
on a patch...
cheers,
jamal
next prev parent reply other threads:[~2009-10-13 12:24 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-10-12 8:43 kernel mode pppoe ppp if + ifb + mirred redirect, ethernet packets in ifb?! Denys Fedoryschenko
2009-10-12 13:10 ` jamal
2009-10-12 14:15 ` Denys Fedoryschenko
2009-10-12 20:57 ` jamal
2009-10-12 21:54 ` Denys Fedoryschenko
2009-10-12 22:07 ` jamal
2009-10-12 22:44 ` Denys Fedoryschenko
2009-10-13 12:21 ` jamal [this message]
2009-10-13 12:45 ` Denys Fedoryschenko
2009-10-13 13:02 ` jamal
2009-10-13 14:34 ` Benjamin LaHaise
2009-10-14 12:00 ` jamal
2009-10-14 19:11 ` Jarek Poplawski
2009-10-14 19:59 ` Jarek Poplawski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1255436477.6305.2.camel@dogo.mojatatu.com \
--to=hadi@cyberus.ca \
--cc=denys@visp.net.lb \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).