From: John Fastabend <john.r.fastabend@intel.com>
To: Jamal Hadi Salim <jhs@mojatatu.com>,
Patrick McHardy <kaber@trash.net>,
David Miller <davem@davemloft.net>
Cc: pablo@netfilter.org, tgraf@suug.ch,
netfilter-devel@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH 0/7 RFC] Netfilter/nf_tables ingress support
Date: Tue, 14 Apr 2015 08:12:18 -0700 [thread overview]
Message-ID: <552D2E52.8020303@intel.com> (raw)
In-Reply-To: <552D07C4.1020509@mojatatu.com>
On 04/14/2015 05:27 AM, Jamal Hadi Salim wrote:
> On 04/13/15 16:19, Patrick McHardy wrote:
>
>> I'm going to jump in here since I think a good case for this can be
>> made. It's going to be a bit longer, sorry. You can skip to the
>> examples after the first three paragraphs since it's just a lot of
>> TC bashing :)
>
> Patrick, maybe i am misunderstanding.
> Here I am arguing against Alexei for introducing a couple of
> statements for the sake of performance and you want to put netfilter
> on that code path and maybe move ingress to be dependent on netfilter
> further up the stack? I know you are trying to sell the virtues
> of nft but since you are busy bashing here, how about this polite
> statement:
> Netfilter is not known for its performance. Even with the ingress qlock
> tc will outperform an equivalent operation done via netfilter.
avoiding the nft vs tc vs ebpf debate I will the ingress qlock is not
needed anymore I just haven't got to removing it yet. Its not actually
protecting any data structures though.
I was hoping to push the skb lists onto something like rte_ring
used by the DPDK folks or possibly some of the lockless ring work Jesper
created. This is needed for many qdisc's to drop the qlock but not the
ingress qdisc. Been busy working on switch bits lately but might be
able to pick this up next merge window.
Thanks,
John
next prev parent reply other threads:[~2015-04-14 15:13 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-10 12:15 [PATCH 0/7 RFC] Netfilter/nf_tables ingress support Pablo Neira Ayuso
2015-04-10 12:15 ` [PATCH 1/7] net: refactor __netif_receive_skb_core Pablo Neira Ayuso
2015-04-10 13:47 ` Daniel Borkmann
2015-04-15 16:09 ` Jesper Dangaard Brouer
2015-04-16 5:49 ` Patrick McHardy
2015-04-10 19:56 ` Alexander Duyck
2015-04-15 12:44 ` David Laight
2015-04-15 13:28 ` Alexander Duyck
2015-04-10 12:15 ` [PATCH 2/7] netfilter: add nf_hook_list_active() Pablo Neira Ayuso
2015-04-10 12:15 ` [PATCH 3/7] netfilter: add hook list to nf_hook_state Pablo Neira Ayuso
2015-04-10 12:15 ` [PATCH 4/7] netfilter: cleanup struct nf_hook_ops struct indentation Pablo Neira Ayuso
2015-04-10 13:27 ` Sergei Shtylyov
2015-04-10 12:15 ` [PATCH 5/7] net: add netfilter ingress hook Pablo Neira Ayuso
2015-04-10 13:21 ` Thomas Graf
2015-04-10 13:36 ` Patrick McHardy
2015-04-10 20:17 ` Pablo Neira Ayuso
2015-04-10 21:33 ` Patrick McHardy
2015-04-11 12:55 ` Pablo Neira Ayuso
2015-04-11 13:06 ` Patrick McHardy
2015-04-11 13:32 ` Pablo Neira Ayuso
2015-04-10 20:08 ` Pablo Neira Ayuso
2015-04-10 12:15 ` [PATCH 6/7] netfilter: nf_tables: allow to bind table to net_device Pablo Neira Ayuso
2015-04-10 12:15 ` [PATCH 7/7] netfilter: nf_tables: add netdev table to filter from ingress Pablo Neira Ayuso
2015-04-10 13:22 ` [PATCH 0/7 RFC] Netfilter/nf_tables ingress support Thomas Graf
2015-04-10 20:09 ` Pablo Neira Ayuso
2015-04-13 1:14 ` David Miller
2015-04-13 20:19 ` Patrick McHardy
2015-04-14 9:00 ` Thomas Graf
2015-04-14 9:06 ` Patrick McHardy
2015-04-14 10:08 ` Thomas Graf
2015-04-14 10:13 ` Patrick McHardy
2015-04-14 10:32 ` Thomas Graf
2015-04-14 20:05 ` Jesper Dangaard Brouer
2015-04-14 12:27 ` Jamal Hadi Salim
2015-04-14 15:12 ` John Fastabend [this message]
2015-04-14 15:36 ` Alexei Starovoitov
2015-04-15 7:35 ` John Fastabend
2015-04-15 9:19 ` Daniel Borkmann
2015-04-15 16:24 ` Alexei Starovoitov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=552D2E52.8020303@intel.com \
--to=john.r.fastabend@intel.com \
--cc=davem@davemloft.net \
--cc=jhs@mojatatu.com \
--cc=kaber@trash.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=tgraf@suug.ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).