| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210614215351.GA734@salvia>
Date: Mon, 14 Jun 2021 23:53:51 +0200
From: Pablo Neira Ayuso <pablo@...filter.org>
To: Aleksander Jan Bajkowski <olek2@...pl>
Cc: kadlec@...filter.org, fw@...len.de, davem@...emloft.net,
kuba@...nel.org, roid@...dia.com, netfilter-devel@...r.kernel.org,
coreteam@...filter.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH nf] Revert "netfilter: flowtable: Remove redundant hw
refresh bit"
Hi,
On Mon, Jun 14, 2021 at 09:34:40PM +0200, Aleksander Jan Bajkowski wrote:
> This reverts commit c07531c01d8284aedaf95708ea90e76d11af0e21.
>
> The previously mentioned commit significantly reduces NAT performance
> in OpenWRT. Another user reports a high ping issue. The results of
> IPv4 NAT benchmark on BT Home Hub 5A (with software flow offloading):
> * 5.4.124 515 Mb/s
> * 5.10.41 570 Mb/s
> * 5.10.42 250 Mb/s
> * 5.10.42 + revert 580 Mb/s
>
> Reverting this commit fixes this issue.
The xt_flowoffload module is inconditionally setting on the hardware
offload flag:
static int __init xt_flowoffload_tg_init(void)
{
int ret;
register_netdevice_notifier(&flow_offload_netdev_notifier);
ret = init_flowtable(&flowtable[0]);
if (ret)
return ret;
ret = init_flowtable(&flowtable[1]);
if (ret)
goto cleanup;
flowtable[1].ft.flags = NF_FLOWTABLE_HW_OFFLOAD;
[...]
which is triggering the slow down because packet path is allocating
work to offload the entry to hardware, however, this driver does not
support for hardware offload.
Probably this module can be updated to unset the flowtable flag if the
harware does not support hardware offload.
Powered by blists - more mailing lists