From: "Timo Teräs" <timo.teras@iki.fi>
To: Patrick McHardy <kaber@trash.net>
Cc: netfilter-devel@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: bad nat connection tracking performance with ip_gre
Date: Wed, 19 Aug 2009 11:40:09 +0300 [thread overview]
Message-ID: <4A8BBA69.4060500@iki.fi> (raw)
In-Reply-To: <4A8B02D2.2090400@iki.fi>
Timo Teräs wrote:
> Ok, finally figured out the difference. Looks like depending
> on the sendto() / local route / forward route / my patched mrt
> the skb that gets passed to ipgre_tunnel_xmit() seems to have
> nfctinfo either 0 or 2. This value is not modified; nf_reset()
> is called just before ip_local_out(). Looks like nf_reset()
> clears nfct to NULL, but does not touch nfctinfo.
>
> So when LOCAL_OUT hook for the GRE packet is hit, depending
> where the packet came: it has nfct=NULL and nfctinfo=ESTABLISHED
> or NEW. This also seems to affect if that specific skb gets
> the nat/OUTPUT hook called.
>
> Is this behaviour for nf_reset() intentional?
Apparently it does not matter.
The real problem seems to be bug that did not account for
irq times properly. It was fixed by "sched: account system time
properly" f5f293a4e3d0a0c52cec31de6762c95050156516 and that
caused biased CPU usage measurements.
Testing with kernel having that, I'm getting the same CPU
readings. And oprofile in timer mode didn't help noticing this.
Sorry for the noise.
- Timo
prev parent reply other threads:[~2009-08-19 8:40 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-18 10:14 bad nat connection tracking performance with ip_gre Timo Teräs
2009-08-18 10:38 ` Patrick McHardy
2009-08-18 12:45 ` Timo Teräs
2009-08-18 13:01 ` Patrick McHardy
2009-08-18 13:53 ` Timo Teräs
2009-08-18 14:58 ` Patrick McHardy
2009-08-18 17:39 ` Timo Teräs
2009-08-18 19:36 ` Timo Teräs
2009-08-19 8:40 ` Timo Teräs [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A8BBA69.4060500@iki.fi \
--to=timo.teras@iki.fi \
--cc=kaber@trash.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).