Em Wed, Apr 06, 2011 at 01:02:39PM -0700, David Miller escreveu:
From: Arnaldo Carvalho de Melo <acme(a)ghostprotocols.net>
Date: Wed, 6 Apr 2011 16:57:19 -0300
> Something like ftrace code changing when the user inserts the first
> People wanting top performance disable it in the build, but thos wanting
> to stick to vendor provided kernels don't have that choice :)
Using ftrace-like stubs would be an interesting idea, and I highly encourage
people to work on something like that.
cool, these code modification and JIT mechanizms open up a lot of
possibilities indeed ;-)
However I want to reiterate that I think that real rules are
in Jesse's case, and once he removes those the majority of the
overhead will disappear. The FC14 workstation I'm using right now, on
which I've made no modifications to the installer's netfilter settings,
has the following rules:
I suspect Jesse has something similar on his test box.
When no rules are loaded, all the stubs make happen is a function call
plus a list_empty() check. Nothing more. I really can't see that, all
by itself, obliterating routing performance.
Yeah, would be nice, since he is playing with it, for him to post
numbers about the overheads.
In fact I've done udp flood tests, as recently as a month ago,
NETFILTER=y and no rules installed, and the impact was minimal.
And that was on sparc64 where function calls are expensive :)