Openwrt/target/linux/generic/patches-4.0
Felix Fietkau 5fcafa319d generic: Fix per interface nf_call_iptables setting
commit r30917 ("kernel: bypass all netfilter hooks if the sysctls for that
functionality have been disabled - eliminates the overhead of enabling
CONFIG_BRIDGE_NETFILTER in the kernel config") introduced an optimization
which should reduce/eliminate the overhead for traffic send over bridges on
kernels compiled with CONFIG_BRIDGE_NETFILTER=y. But this optimization
breaks the nf_call_iptables per bridge setting which is more fine grained
than the global sysctl net.bridge.bridge-nf-call-iptables setting.

A test reflecting a real world setup was created to identify if this really
eliminates the overhead and if per-bridge nf_call_iptables could be used in
some setups to increase the throughput. A Qualcomm Atheros QCA9558 based
system with one ethernet and an ath9k wifi 3x3 in HT40 mode was used.
Cables from the AP to the wifi station were used to reduce interference
problems during the tests.

The wlan interface was put in one bridge interface called br-wlan. This
bridge usually contains some more wlan interfaces. The eth0 was put in a
second bridge called br-lan. This usually contains some other privileged
wlan or mesh interfaces. Routing was added between br-lan and br-wlan.

Three kernels were tested:

 * (default) OpenWrt kernel for this device
 * (brfilter-global) OpenWrt kernel with CONFIG_BRIDGE_NETFILTER=y
 * (brfilter-local)  OpenWrt kernel with CONFIG_BRIDGE_NETFILTER=y and
    without 644-bridge_optimize_netfilter_hooks.patch

The changes to the the netfilter settings of the bridge were done via:

 * (brfilter-global) /sbin/sysctl -w net.bridge.bridge-nf-call-iptables=1
 * (brfilter-lobal) echo 1 > /sys/class/net/br-lan/bridge/nf_call_iptables
   and/or echo 1 > /sys/class/net/br-wan/bridge/nf_call_iptables

A station connected to the wlan0 (AP) interface was used to send traffic to
a PC connected via ethernet. iperf with 3 concurrent transmissions was used
to generate the traffic.

| kernel          | br-nf-* global | nf-call* iface | download | upload   |
|-----------------|----------------|----------------|----------|----------|
| default         | 0              | -              |      209 |      268 |
| brfilter-global | 0              | -              |      185 |      243 |
| brfilter-local  | 0              | -              |      187 |      243 |
| brfilter-local  | 0              | br-lan         |      157 |      226 |
| brfilter-local  | 0              | br-lan br-wlan |      139 |      161 |
| brfilter-global | 1              | -              |      136 |      162 |

Download/upload results in Mibit/s

It can be seen that the patch doesn't eliminate the overhead. It can also
be seen that the throughput of brfilter-global and brfilter-local with
disabled filtering is the roughly the same. Also the throughput for
brfilter-global and brfilter-local for enabled filtering on all bridges is
roughly the same.

But also the brfilter-local throughput is higher when only br-lan requires
the filtering. This setting would not be possible with
644-bridge_optimize_netfilter_hooks.patch applied and thus can only be
compared with brfilter-global and filtering enabled for all interfaces.

Signed-off-by: Sven Eckelmann <sven@open-mesh.com>

SVN-Revision: 46835
2015-09-09 18:40:15 +00:00
..
000-keep_initrafs_the_default.patch
020-ssb_update.patch kernel: backport ssb fix for WRT350N v1 (BCM4705) reboots 2015-06-01 06:11:26 +00:00
021-bcma-from-4.1.patch
021-ssb_sprom.patch
022-bcma-from-4.2.patch kernel: backport config-related bcma patches from 4.2 2015-06-08 12:49:54 +00:00
050-backport_netfilter_rtcache.patch
060-mips_decompressor_memmove.patch
070-bgmac-register-fixed-PHY-for-ARM-BCM470X-BCM5301X-ch.patch
071-bgmac-allow-enabling-on-ARCH_BCM_5301X.patch
072-01-bgmac-fix-descriptor-frame-start-end-definitions.patch
072-02-bgmac-implement-GRO-and-use-build_skb.patch
072-03-bgmac-implement-scatter-gather-support.patch
072-04-bgmac-simplify-tx-ring-index-handling.patch
072-05-bgmac-leave-interrupts-disabled-as-long-as-there-is-.patch
072-06-bgmac-set-received-skb-headroom-to-NET_SKB_PAD.patch
072-07-bgmac-simplify-rx-DMA-error-handling.patch
072-08-bgmac-add-check-for-oversized-packets.patch
072-09-bgmac-increase-rx-ring-size-from-511-to-512.patch
072-10-bgmac-simplify-dma-init-cleanup.patch
072-11-bgmac-fix-DMA-rx-corruption.patch
072-12-bgmac-drop-ring-num_slots.patch
072-13-bgmac-fix-MAC-soft-reset-bit-for-corerev-4.patch
072-14-bgmac-reset-all-4-GMAC-cores-on-init.patch
072-15-bgmac-fix-requests-for-extra-polling-calls-from-NAPI.patch generic/4.0: update to 4.0.4 2015-05-26 09:31:16 +00:00
073-pppoe-Use-workqueue-to-die-properly-when-a-PADT-is-r.patch
091-mtd-spi-nor-add-support-Spansion_S25FL164K kernel: update 4.0 to 4.0.8 2015-07-11 19:59:05 +00:00
095-api-fix-compatibility-of-linux-in.h-with-netinet-in..patch kernel: improve uapi headers coexistence with musl 2015-07-03 11:48:45 +00:00
100-pppoe-drop-pppoe-device-in-pppoe_unbind_sock_work.patch
102-ehci_hcd_ignore_oc.patch generic/4.0: update to 4.0.4 2015-05-26 09:31:16 +00:00
110-jffs2-use-.rename2-and-add-RENAME_WHITEOUT-support.patch
111-jffs2-add-RENAME_EXCHANGE-support.patch
120-bridge_allow_receiption_on_disabled_port.patch
130-MIPS-kernel-fix-sched_getaffinity-with-MT-FPAFF-enab.patch kernel: fix sched_getaffinity on MIPS SMP systems (fixes enabling RPS/XPS in netifd with musl) 2015-07-18 22:49:39 +00:00
132-mips_inline_dma_ops.patch
140-overlayfs_readdir_locking_fix.patch kernel: add linux 4.0 overlayfs locking fix by Miklos Szeredi 2015-06-17 12:55:20 +00:00
180-usb-xhci-make-USB_XHCI_PLATFORM-selectable.patch kernel: update 4.0 to 4.0.7 2015-06-30 23:26:13 +00:00
190-cdc_ncm_add_support_for_moving_ndp_to_end_of_ncm_frame.patch kernel: cdc_ncm: Add support for moving NDP to end of NCM frame 2015-07-25 13:41:21 +00:00
191-usb-ehci-orion-fix-probe-for-GENERIC_PHY.patch mvebu: kirkwood: fix ehci-orion probe if generic-phy isn't enabled 2015-08-23 13:35:03 +00:00
200-fix_localversion.patch
201-extra_optimization.patch
202-reduce_module_size.patch
203-kallsyms_uncompressed.patch
204-module_strip.patch
205-backtrace_module_info.patch
210-darwin_scripts_include.patch
212-byteshift_portability.patch
214-spidev_h_portability.patch
220-gc_sections.patch
221-module_exports.patch
230-openwrt_lzma_options.patch
250-netfilter_depends.patch
251-sound_kconfig.patch
252-mv_cesa_depends.patch
253-ssb_b43_default_on.patch
254-textsearch_kconfig_hacks.patch
255-lib80211_kconfig_hacks.patch
256-crypto_add_kconfig_prompts.patch
257-wireless_ext_kconfig_hack.patch
258-netfilter_netlink_kconfig_hack.patch
259-regmap_dynamic.patch kmod-regmap: make regmap-mmio user selectable 2015-07-25 09:55:32 +00:00
260-crypto_test_dependencies.patch
262-compressor_kconfig_hack.patch
270-uapi-kernel.h-glibc-specific-inclusion-of-sysinfo.h.patch kernel: improve uapi headers coexistence with musl 2015-07-03 11:48:45 +00:00
271-uapi-libc-compat.h-do-not-rely-on-__GLIBC__.patch kernel: improve uapi headers coexistence with musl 2015-07-03 11:48:45 +00:00
272-uapi-if_ether.h-prevent-redefinition-of-struct-ethhd.patch kernel: improve uapi headers coexistence with musl 2015-07-03 11:48:45 +00:00
300-mips_expose_boot_raw.patch
301-mips_image_cmdline_hack.patch
302-mips_no_branch_likely.patch
304-mips_disable_fpu.patch generic/4.0: update to 4.0.4 2015-05-26 09:31:16 +00:00
305-mips_module_reloc.patch mips: Free memory when load_module fails (#14453) 2015-07-07 13:48:27 +00:00
306-mips_mem_functions_performance.patch
307-mips_highmem_offset.patch kernel: adjust mips highmem offset to avoid the need for -mlong-calls on systems with >256M RAM 2015-06-05 08:07:35 +00:00
309-mips_fuse_workaround.patch
310-arm_module_unresolved_weak_sym.patch
320-ppc4xx_optimization.patch
321-powerpc_crtsavres_prereq.patch
330-MIPS-kexec-Accept-command-line-parameters-from-users.patch
400-mtd-add-rootfs-split-support.patch
401-mtd-add-support-for-different-partition-parser-types.patch
402-mtd-use-typed-mtd-parsers-for-rootfs-and-firmware-split.patch
403-mtd-hook-mtdsplit-to-Kbuild.patch
404-mtd-add-more-helper-functions.patch
405-mtd-old-firmware-uimage-splitter.patch
406-mtd-old-rootfs-squashfs-splitter.patch
410-mtd-move-forward-declaration-of-struct-mtd_info.patch
411-mtd-partial_eraseblock_write.patch generic/4.0: update to 4.0.4 2015-05-26 09:31:16 +00:00
412-mtd-partial_eraseblock_unlock.patch
420-mtd-redboot_space.patch
430-mtd-add-myloader-partition-parser.patch
431-mtd-bcm47xxpart-support-for-Xiaomi-specific-board_da.patch
432-mtd-bcm47xxpart-detect-T_Meter-partition.patch
440-block2mtd_init.patch
441-block2mtd_probe.patch
450-mtd-nand-allow-to-use-platform-specific-chip-fixup.patch
451-mtd-nand-fix-return-code-of-nand_correct_data-function.patch
460-mtd-cfi_cmdset_0002-no-erase_suspend.patch
461-mtd-cfi_cmdset_0002-add-buffer-write-cmd-timeout.patch
472-mtd-m25p80-add-support-for-Winbond-W25X05-flash.patch kernel: update 4.0 to 4.0.8 2015-07-11 19:59:05 +00:00
473-mtd-spi-nor-add-support-for-the-Macronix-MX25L512E-S.patch
474-mtd-spi-nor-add-support-for-the-ISSI-SI25CD512-SPI-f.patch
480-mtd-set-rootfs-to-be-root-dev.patch
490-ubi-auto-attach-mtd-device-named-ubi-or-data-on-boot.patch
491-ubi-auto-create-ubiblock-device-for-rootfs.patch kernel: update 4.0 to 4.0.5 2015-06-19 11:12:43 +00:00
492-try-auto-mounting-ubi0-rootfs-in-init-do_mounts.c.patch
493-ubi-set-ROOT_DEV-to-ubiblock-rootfs-if-unset.patch kernel: update 4.0 to 4.0.5 2015-06-19 11:12:43 +00:00
494-mtd-ubi-add-EOF-marker-support.patch
500-yaffs-Kbuild-integration.patch
502-yaffs-fix-compat-tags-handling.patch
503-yaffs-add-tags-9bytes-mount-option.patch kernel: yaffs2: update to version from 2015-06-02 2015-08-15 17:16:03 +00:00
504-yaffs-3.16-new-fops.patch
505-yaffs-3.19-f_dentry-remove.patch kernel: yaffs2: update to version from 2015-06-02 2015-08-15 17:16:03 +00:00
520-squashfs_update_xz_comp_opts.patch
530-jffs2_make_lzma_available.patch
531-debloat_lzma.patch
532-jffs2_eofdetect.patch
540-crypto-xz-decompression-support.patch
541-ubifs-xz-decompression-support.patch
551-ubifs-fix-default-compression-selection.patch
600-netfilter_conntrack_flush.patch
610-netfilter_match_bypass_default_checks.patch
611-netfilter_match_bypass_default_table.patch
612-netfilter_match_reduce_memory_access.patch
613-netfilter_optional_tcp_window_check.patch
615-netfilter_add_xt_id_match.patch
616-net_optimize_xfrm_calls.patch
620-sched_esfq.patch
630-packet_socket_type.patch kernel: update 4.0 to 4.0.8 2015-07-11 19:59:05 +00:00
640-bridge_no_eap_forward.patch kernel: describe bridge patch "no EAP forward" 2015-09-08 16:42:50 +00:00
641-bridge_always_accept_eap.patch kernel: describe bridge patch "always accept EAP" 2015-09-08 16:42:58 +00:00
642-bridge_port_isolate.patch kernel: describe bridge patch "port isolate" 2015-09-08 16:43:04 +00:00
643-bridge_remove_ipv6_dependency.patch kernel: describe bridge patch "remove IPv6 depependency of bridge in 2.6.38+" 2015-09-08 16:43:10 +00:00
645-bridge_multicast_to_unicast.patch kernel: describe bridge patch "multicast to unicast" 2015-09-08 16:43:32 +00:00
650-pppoe_header_pad.patch generic/4.0: update to 4.0.4 2015-05-26 09:31:16 +00:00
651-wireless_mesh_header.patch
652-atm_header_changes.patch
653-disable_netlink_trim.patch kernel: update 4.0 to 4.0.7 2015-06-30 23:26:13 +00:00
655-increase_skb_pad.patch generic/4.0: update to 4.0.4 2015-05-26 09:31:16 +00:00
656-skb_reduce_truesize-helper.patch generic/4.0: update to 4.0.4 2015-05-26 09:31:16 +00:00
657-qdisc_reduce_truesize.patch
660-fq_codel_defaults.patch
661-fq_codel_keep_dropped_stats.patch
662-use_fq_codel_by_default.patch
663-remove_pfifo_fast.patch
664-codel_fix_3_12.patch kernel: update 4.0 to 4.0.7 2015-06-30 23:26:13 +00:00
666-Add-support-for-MAP-E-FMRs-mesh-mode.patch
667-ipv6-Fixed-source-specific-default-route-handling.patch generic/4.0: fix error during kernel patch application 2015-05-20 19:23:33 +00:00
670-ipv6-allow-rejecting-with-source-address-failed-policy.patch generic/4.0: update to 4.0.4 2015-05-26 09:31:16 +00:00
671-net-provide-defines-for-_POLICY_FAILED-until-all-cod.patch
680-NET-skip-GRO-for-foreign-MAC-addresses.patch
681-NET-add-of_get_mac_address_mtd.patch kernel: fix build with CONFIG_MTD unset 2015-07-14 07:38:47 +00:00
700-swconfig.patch
701-phy_extension.patch
702-phy_add_aneg_done_function.patch kernel: update 4.0 to 4.0.8 2015-07-11 19:59:05 +00:00
703-phy-add-detach-callback-to-struct-phy_driver.patch
704-phy-no-genphy-soft-reset.patch kernel: update 4.0 to 4.0.8 2015-07-11 19:59:05 +00:00
710-phy-add-mdio_register_board_info.patch
720-phy_adm6996.patch
721-phy_packets.patch generic/4.0: update to 4.0.4 2015-05-26 09:31:16 +00:00
722-phy_mvswitch.patch
723-phy_ip175c.patch
724-phy_ar8216.patch
725-phy_rtl8306.patch
726-phy_rtl8366.patch
727-phy-rtl8367.patch
728-phy-rtl8367b.patch
729-phy-tantos.patch
730-phy_b53.patch
731-phy_mvswitch_3.10_compilation.patch
732-phy-ar8216-led-support.patch
733-phy_mvsw61xx.patch
750-hostap_txpower.patch
773-bgmac-add-srab-switch.patch
780-igb-Fix-Null-pointer-dereference-in-igb_reset_q_vect.patch
785-hso-support-0af0-9300.patch kernel: update 4.0 to 4.0.5 2015-06-19 11:12:43 +00:00
810-pci_disable_common_quirks.patch kernel: update 4.0 to 4.0.9 2015-07-22 12:51:04 +00:00
811-pci_disable_usb_common_quirks.patch
820-usb_add_usb_find_device_by_name.patch generic/4.0: update to 4.0.4 2015-05-26 09:31:16 +00:00
830-ledtrig_morse.patch
831-ledtrig_netdev.patch
832-ledtrig_usbdev.patch
834-ledtrig-libata.patch kernel: update 4.0 to 4.0.5 2015-06-19 11:12:43 +00:00
840-rtc7301.patch
841-rtc_pt7c4338.patch
861-04_spi_gpio_implement_spi_delay.patch
862-gpio_spi_driver.patch
863-gpiommc.patch
864-gpiommc_configfs_locking.patch
870-hifn795x_byteswap.patch
880-gateworks_system_controller.patch
890-8250_optional_sysrq.patch
900-slab_maxsize.patch
901-debloat_sock_diag.patch
902-debloat_proc.patch
903-debloat_direct_io.patch
910-kobject_uevent.patch
911-kobject_add_broadcast_uevent.patch
921-use_preinit_as_init.patch kernel: update 4.0 to 4.0.9 2015-07-22 12:51:04 +00:00
922-always-create-console-node-in-initramfs.patch
930-crashlog.patch
940-ocf_kbuild_integration.patch
941-ocf_20120127.patch
960-decompress_unlzo_fix.patch
970-remove-unsane-filenames-from-deps_initramfs-list.patch
980-arm_openwrt_machtypes.patch kernel: generic: add missing arm machtypes 2015-07-05 21:32:49 +00:00
990-gpio_wdt.patch
995-mangle_bootargs.patch
997-device_tree_cmdline.patch
998-enable_wilink_platform_without_drivers.patch