From: Anders Nilsson Plymoth <lanilsson@gmail.com>
To: netfilter-devel <netfilter-devel@vger.kernel.org>
Subject: netfilter queue throughput slowdown
Date: Wed, 29 Jun 2011 11:17:13 +0200 [thread overview]
Message-ID: <BANLkTinVcuMCoctfuZbUdd_6m8hpbtbwFA@mail.gmail.com> (raw)
Hi,
I am using libnetfilter-queue on a router running Ubuntu 10.10 with
2.6.35-28-generic. The problem I am having is that I am experiencing a
very significant throughput slowdown whenever my NFQUEUE program is
running. This happens even when I use bare bone libnetfilter-queue
program that immediately issues an ACCEPT verdict as soon as it
receives a packet. Whenever this program is running, my max throughput
is cut in half, and the reason it happens is because nf_queue
overflows (nf_queue: full at 1024 entries, dropping packets(s)), and I
notice my CPU utilization is 100%. However, when my program is not
running and I am not passing packets through NFQUEUE and the router
routes packets as normal, I get full throughput with only 0.1% CPU
utilization.
I find this a bit strange, can the netfilter queue processing take the
cpu from 0.1% to 100% and start dropping packets even with no other
processing than setting immediately setting the verdict? We have two
of these machines, with identical hardware and OS, and they experience
the same behavior.
I am also confused as we have been using these machines previously and
been able to obtain full throughput with our netfilter program.
Does anyone have a clue here, or suggest what I should look into in
order to speed things up.
Thanks,
Anders
next reply other threads:[~2011-06-29 9:17 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-29 9:17 Anders Nilsson Plymoth [this message]
2011-06-29 9:47 ` netfilter queue throughput slowdown Eric Dumazet
2011-06-29 9:55 ` Anders Nilsson Plymoth
2011-06-29 10:08 ` Eric Dumazet
2011-06-30 6:20 ` Kuzin Andrey
2011-06-30 6:47 ` Eric Dumazet
2011-06-30 7:36 ` Kuzin Andrey
2011-06-30 11:34 ` Eric Dumazet
2011-06-30 11:59 ` Patrick McHardy
2011-06-30 15:15 ` Eric Dumazet
2011-06-30 14:32 ` Stephen Clark
2011-06-30 14:51 ` Patrick McHardy
2011-06-30 17:07 ` Eric Leblond
2011-06-30 17:45 ` Eric Dumazet
2011-06-30 18:08 ` Eric Leblond
2011-07-01 6:39 ` Amos Jeffries
2011-07-01 7:00 ` [RFC] nfnetlink_queue not scalable Eric Dumazet
2011-07-01 7:49 ` Florian Westphal
2011-07-01 15:27 ` [PATCH 1/2] nfnetlink: add RCU in nfnetlink_rcv_msg() Eric Dumazet
2011-07-01 14:11 ` Florian Westphal
2011-07-05 13:22 ` Patrick McHardy
2011-07-18 14:06 ` Patrick McHardy
2011-07-01 15:08 ` netfilter queue throughput slowdown Anders Nilsson Plymoth
2011-06-30 22:24 ` Sam Roberts
2011-07-01 4:53 ` Eric Dumazet
2011-06-30 22:26 ` Sam Roberts
2011-07-01 4:52 ` Eric Dumazet
2011-07-02 12:25 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=BANLkTinVcuMCoctfuZbUdd_6m8hpbtbwFA@mail.gmail.com \
--to=lanilsson@gmail.com \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).