Alex wrote: > Felix Fietkau wrote: >> Yes, enabling ebtables does create quite a bit of extra load. That's >> also the reason why it is currently not compiled for the releases >> (just compiling support for it already triggers the slowdown, even >> when the module is not loaded) > > Hmm, that's interesting. Does this slowdown occur with any layer2 matching? > If > I use an older kernel I could compile it without ebtables support but only > with iptables physdev matching. Do you know if physdev matching on its own > also triggers this slowdown? > Older versions of iptables still support physdev-out matching so I don't > really need ebtables. However this physdev-out matching is not perfect, as it > breaks traffic shaping. Both physdev matching and ebtables itself rely on bridging traffic traversing through the netfilter matching chains. This is what's causing the slowdown.
>> This particular patch was removed because it was causing problems, >> even for people that weren't actually using physdev or ebtables >> (something about neighbor cache overflow, iirc). > > Even more bad news :-( Is there any version of openwrt where physdev matching > is known to work? I can live with degraded network performance or broken > traffic shaping but the router shouldn't crash. I really depend on layer2 > filtering. After all this feature has been in the linux kernel such a long > time that there should be at least one single kernel version where it works. As far as I know, all Linux 2.4 versions of ebtables suffered from this problem, only 2.6 dos not have this issue. > I would be willing to buy a better router with more performance, too. I just > bought the WRT54GL because I read it was fully supported and it has a switch > which I can configure into seperate VLANs. I don't need WLAN so I don't care > if wireless works. Can you recommend any router with VLAN support which has > more performance and works with openwrt (and hopefully the layer2 filtering > patch)? What specifically do you need physdev matching for? - Felix _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org http://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
