On Tue, Aug 16, 2022 at 06:21:55AM -0300, Fernando Gont wrote: > > Of course mbuf tags kill performance, but who uses hop-by-hop options > > anyway? pf drops such packets per default. > > FWIW, HBH options are *themselves* known to kill performance. :-) (see: > RFC9098).
Thanks for the link to the RFC. As we have a pure software implementation, packets with extension headers are not slower in general. In my case the reason for degraded performance is the transition to multi processor network stack. When everything is running MP, we can get them fast again. > OTOH, MLD uses HBH. But for the regular case, it's only of use for > MLD-snooping switches. I have improved our pf a while ago. It passes ICMPv6 MLD packets with router alert now. A special "allow-opts" rule is no longer necessary. Of course performance does not matter for them. bluhm
