Felix Fietkau wrote:
> Both physdev matching and ebtables itself rely on bridging traffic
> traversing through the netfilter matching chains. This is what's
> causing the slowdown.

That's what I feared :-(

> As far as I know, all Linux 2.4 versions of ebtables suffered from
> this problem, only 2.6 does not have this issue.

Hmm, that's strange. I tried Kamikaze 8.09 with kernel 2.6 (+physdev/ebtables) and actually the router was crashing all the time. As I don't have a serial port soldered to my device and I didn't get any syslog packets on my log-server, I can only guess what happened. If I run top while transferring huge files at high bandwidth I can see that the router spends 99% of the cpu time handling software interrupts. Looks like every single packet is triggering a software interrupt and the system does not have any cpu time left to handle other important events. After a while the router just resets. Never thought that simple network packets could make the linux kernel crash.

> > I would be willing to buy a better router with more performance, too. I
> > just bought the WRT54GL because I read it was fully supported and it has
> > a switch which I can configure into separate VLANs. I don't need WLAN so
> > I don't care if wireless works. Can you recommend any router with VLAN
> > support which has more performance and works with openwrt (and hopefully
> > the layer2 filtering patch)?
>
> What specifically do you need physdev matching for?

I need it for a transparent bridging firewall to check the physical device a packet is coming in. We got a small subnet from our provider and I would like to filter all network packets and split the net in a protected zone and a DMZ using VLANs. The gateway router of our provider is in the same subnet. The normal clients have to have an official IP as they authenticate themselves to other computers on the internet via SSL certificates. The IP of the client has to match with the name stored in the certificate (otherwise I would just hide them in a private net).

Configuration looks pretty much like this:

[Clients]----[WRT54GL]----[gateway-router]----[internet]
[DMZ]------------|

Greets,
Alex
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
http://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel