Re: Extremely slow network with e1000 & ip_conntrack

From: Henrik Nordstrom
Date: Thu Dec 11 2003 - 03:28:59 EST

Next message: Paul Menage: "Re: [ACPI] ACPI global lock macros"
Previous message: Tim Schmielau: "Re: Increasing HZ (patch for HZ > 1000)"
In reply to: Harald Welte: "Re: Extremely slow network with e1000 & ip_conntrack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 11 Dec 2003, Harald Welte wrote:

> yes, this is certainly a problem - but not with conntrack, only with
> nat. So maybe we should add a safeguard, preventing
> iptables_nat/ipchains/ipfwadm from being loaded when TSO on any
> interface is enabled? Or at least print a warining in syslog?

TSO can be enabled while NAT is running so you better do this in the
packet flow or if there is a suitable notifier hook that can be used.

Most firewalls etc load the ruleset before activating the
interfaces, i..e before even loading the nic drivers, so there is no
interfaces to look at when iptables_nat is loaded.

Regards
Henrik

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Paul Menage: "Re: [ACPI] ACPI global lock macros"
Previous message: Tim Schmielau: "Re: Increasing HZ (patch for HZ > 1000)"
In reply to: Harald Welte: "Re: Extremely slow network with e1000 & ip_conntrack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]