All of lore.kernel.org
 help / color / mirror / Atom feed
From: Eric Dumazet <eric.dumazet@gmail.com>
To: Anders Nilsson Plymoth <lanilsson@gmail.com>
Cc: netfilter-devel <netfilter-devel@vger.kernel.org>
Subject: Re: netfilter queue throughput slowdown
Date: Wed, 29 Jun 2011 11:47:23 +0200	[thread overview]
Message-ID: <1309340843.2532.112.camel@edumazet-laptop> (raw)
In-Reply-To: <BANLkTinVcuMCoctfuZbUdd_6m8hpbtbwFA@mail.gmail.com>

Le mercredi 29 juin 2011 à 11:17 +0200, Anders Nilsson Plymoth a écrit :
> Hi,
> 
> I am using libnetfilter-queue on a router running Ubuntu 10.10 with
> 2.6.35-28-generic. The problem I am having is that I am experiencing a
> very significant throughput slowdown whenever my NFQUEUE program is
> running. This happens even when I use bare bone libnetfilter-queue
> program that immediately issues an ACCEPT verdict as soon as it
> receives a packet. Whenever this program is running, my max throughput
> is cut in half, and the reason it happens is because nf_queue
> overflows (nf_queue: full at 1024 entries, dropping packets(s)), and I
> notice my CPU utilization is 100%. However, when my program is not
> running and I am not passing packets through NFQUEUE and the router
> routes packets as normal, I get full throughput with only 0.1% CPU
> utilization.
> 
> I find this a bit strange, can the netfilter queue processing take the
> cpu from 0.1% to 100% and start dropping packets even with no other
> processing than setting immediately setting the verdict? We have two
> of these machines, with identical hardware and OS, and they experience
> the same behavior.
> I am also confused as we have been using these machines previously and
> been able to obtain full throughput with our netfilter program.
> 
> Does anyone have a clue here, or suggest what I should look into in
> order to speed things up.
> 

Hmm, this is a known problem.

net/netfilter/nfnetlink_queue.c uses a single list of packets per queue.

If your application gives verdict for a packet not at the head of queue,
find_dequeue_entry() spend a lot of time to find the packet.

So are you sure you dont forget to give verdict for some packets, and
queue fills to its limit ?

Some attempts in the past tried to convert this list in a tree but AFAIK
nothing was merged.

By the way, latest Ubuntu has more recent kernel, you could try it as it
includes commit c463ac972315a0 (netfilter: nfnetlink_queue: some
optimizations)



--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

  reply	other threads:[~2011-06-29  9:47 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-06-29  9:17 netfilter queue throughput slowdown Anders Nilsson Plymoth
2011-06-29  9:47 ` Eric Dumazet [this message]
2011-06-29  9:55   ` Anders Nilsson Plymoth
2011-06-29 10:08     ` Eric Dumazet
2011-06-30  6:20       ` Kuzin Andrey
2011-06-30  6:47         ` Eric Dumazet
2011-06-30  7:36           ` Kuzin Andrey
2011-06-30 11:34             ` Eric Dumazet
2011-06-30 11:59               ` Patrick McHardy
2011-06-30 15:15                 ` Eric Dumazet
2011-06-30 14:32                   ` Stephen Clark
2011-06-30 14:51                     ` Patrick McHardy
2011-06-30 17:07                       ` Eric Leblond
2011-06-30 17:45                         ` Eric Dumazet
2011-06-30 18:08                           ` Eric Leblond
2011-07-01  6:39                           ` Amos Jeffries
2011-07-01  7:00                           ` [RFC] nfnetlink_queue not scalable Eric Dumazet
2011-07-01  7:49                             ` Florian Westphal
2011-07-01 15:27                               ` [PATCH 1/2] nfnetlink: add RCU in nfnetlink_rcv_msg() Eric Dumazet
2011-07-01 14:11                                 ` Florian Westphal
2011-07-05 13:22                                 ` Patrick McHardy
2011-07-18 14:06                                 ` Patrick McHardy
2011-07-01 15:08                           ` netfilter queue throughput slowdown Anders Nilsson Plymoth
2011-06-30 22:24                   ` Sam Roberts
2011-07-01  4:53                     ` Eric Dumazet
2011-06-30 22:26         ` Sam Roberts
2011-07-01  4:52           ` Eric Dumazet
2011-07-02 12:25 ` Pablo Neira Ayuso

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1309340843.2532.112.camel@edumazet-laptop \
    --to=eric.dumazet@gmail.com \
    --cc=lanilsson@gmail.com \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.