On Tue, Feb 19, 2002 at 02:40:36PM -0800, ravi c wrote: > Hello Harald, > Hi again!
> Actually I didn't realize that I posted it to > netfilter-user mailing list. I posted this performance > problem on Linux Kernel mailing list on Oct 18th 2001 > ( Sorry! I didn't know that there is netfilter mailing > list) to which Alexey replied, this patch is made and > tested after his responses and I posted the patch to > Linux Kernel and Netfilter user mailing list. Somehow > it got lost on Linux Kernel mailing list. No problem at all.. The issue is just, that the developers don't tend to read the netfilter users list that often... and on linux-kernel, everything is lost in the noise. I have now set up content- based filtering for linux-kernel, so nothing containing iptables or netfilter in the subject-header will get lost again. > A zerocopy skb (non-linear) is converted to linear skb > and further degrades the performance of zerocopy path. > This patch fixes the performance issue by setting a > flag in netfilter hook and by passing non-linear skbs > to netfilter hooks. Please review it and pass your > comments. Please accept the fix. Well, the question is: do we see this as a 'fix'? If you look at the history, the current situation is quite understandable: non-linear skb's have been introduced after netfilter was developed. So everything Rusty did (under the pressure of time) was to put the skb_linearize() in fron of netfilter to protect the whole netfilter subsystem. This is not the preferred solution, and definitely not meant to last forever. For example, in 2.5.x this needs to change and all netfilter modules are required to deal with nonlinear skb's. Regarding to your patch: The main disadvantage is: It breaks the current netfilter hook API. We always have to remember that we (i.e. the netfilter project with conntrack, nat, packet filtering, ...) are not the only user of this API and thus should not change an API during a stable kernel release. Why do you need this patch ? Which netfilter-using module doesn't need linear skb's? Are there any free software projects using netfilter hooks who can deal with nonlinear skbs? (and if, they could patch this part of the code as well. And: from my understanding, nonlinear skb's can only happen for packets sent by the local host (because zerocopy TCP send was used). Most people using netfilter are interested in forwarded packets, however. Summary: Yes, current code is not a good solution. But I'd rather fix all of the netfilter/iptables code. I'm happy to receive your comments on this. -- Live long and prosper - Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/ ============================================================================ GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+ V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)
