[libvirt PATCH 2/2] nwfilter: Use immediate paket delivery mode rather than buffering
Eric Blake
eblake at redhat.com
Thu Jan 30 15:15:27 UTC 2020
On 1/30/20 8:43 AM, Erik Skultety wrote:
> Our nwfilter code doesn't set any timeout on the pcap paket buffer which
packet
> means that when DHCP snooping is enabled on a guest interface and
> libvirt is trying to learn the IP address from guest's DHCP traffic, it
> takes up to 4x longer to ping a guest successfully compared to a case
> where nwfilter isn't enabled at all or libvirt uses the cached nwfilter
> leases to populate the corresponding rules to ebtables.
> With the pcap filter and rate limiting already in place, we should be
> able to afford enabling the immediate paket delivery, FWIW immediate
packet
> mode was actually the default prior libpcap-1.5.0 (CentOS 6) regardless
> of whether a buffer was requested.
>
> The lack of any kind of timeout on the pcap buffer messed with the
> libvirt TCK test suite which, even with a generous timeout in place,
> timeouts every single time simply because it takes a while until
> guest actually starts producing any kind of traffic to fill up
> the buffer in place (appart from the DHCP traffic which happens fairly
apart
> early on).
>
> Signed-off-by: Erik Skultety <eskultet at redhat.com>
> ---
>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
More information about the libvir-list
mailing list