Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754617AbbBKWWh (ORCPT ); Wed, 11 Feb 2015 17:22:37 -0500 Received: from shards.monkeyblade.net ([149.20.54.216]:51709 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754138AbbBKWWg (ORCPT ); Wed, 11 Feb 2015 17:22:36 -0500 Date: Wed, 11 Feb 2015 14:29:36 -0800 (PST) Message-Id: <20150211.142936.951620487173949333.davem@davemloft.net> To: imrep.amz@gmail.com Cc: bridge@lists.linux-foundation.org, stephen@networkplumber.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, imrep@amazon.de, aliguori@amazon.com Subject: Re: [PATCH] bridge: make it possible for packets to traverse the bridge withour hitting netfilter From: David Miller In-Reply-To: <1423560744-19011-1-git-send-email-imrep.amz@gmail.com> References: <1423560744-19011-1-git-send-email-imrep.amz@gmail.com> X-Mailer: Mew version 6.4 on Emacs 23.4 / Mule 6.0 (HANACHIRUSATO) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.7 (shards.monkeyblade.net [149.20.54.216]); Wed, 11 Feb 2015 14:22:35 -0800 (PST) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1166 Lines: 29 From: Imre Palik Date: Tue, 10 Feb 2015 10:32:24 +0100 > From: "Palik, Imre" > > The netfilter code is made with flexibility instead of performance in mind. > So when all we want is to pass packets between different interfaces, the > performance penalty of hitting netfilter code can be considerable, even when > all the firewalling is disabled for the bridge. > > This change makes it possible to disable netfilter both on a per bridge basis, > or for the whole bridging subsystem. In the case interesting to us, this can > lead to more than 10% speedup compared to the case when only bridge-iptables > are disabled. > > Cc: Anthony Liguori > Signed-off-by: Imre Palik Sorry, no. If I apply this, someone is going to try to submit a patch for every damn protocol layer to add a stupid hack like this. Makw NF_HOOK() faster instead. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/