Stephen Hemminger wrote:
I was measuring bridging/routing performance and noticed this.
The current code runs the "all packet" type handlers before calling the
bridge hook. If an application (like some DHCP clients) is using AF_PACKET,
this means that each received packet gets run through the Berkeley Packet Filter
code in sk_run_filter (slow).
By moving the bridging hook to run first, the packets flowing through
the bridge get filtered out there. This results in a 14%
improvement in performance, but it does mean that some snooping applications
would miss packets if being used on a bridge. The correct way to see all
packets on a bridge is to set the bridge pseudo-device to promiscuous
mode.
Seems it would be better to fix these clients to be more selective as to
where they bind.
This breaks the case where you want to see packets on a particular interface,
not just the entire bridge, right?
Thanks,
Ben
Signed-off-by: Stephen Hemminger <[EMAIL PROTECTED]>
---
net/core/dev.c | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/net/core/dev.c b/net/core/dev.c
index cf71614..dc2cda6 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1792,6 +1792,10 @@ int netif_receive_skb(struct sk_buff *skb)
rcu_read_lock();
+ if (handle_bridge(&skb, &pt_prev, &ret, orig_dev))
+ goto out;
+
+
#ifdef CONFIG_NET_CLS_ACT
if (skb->tc_verd & TC_NCLS) {
skb->tc_verd = CLR_TC_NCLS(skb->tc_verd);
@@ -1826,9 +1830,6 @@ int netif_receive_skb(struct sk_buff *skb)
ncls:
#endif
- if (handle_bridge(&skb, &pt_prev, &ret, orig_dev))
- goto out;
-
type = skb->protocol;
list_for_each_entry_rcu(ptype, &ptype_base[ntohs(type)&15], list) {
if (ptype->type == type &&
--
Ben Greear <[EMAIL PROTECTED]>
Candela Technologies Inc http://www.candelatech.com
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
