I’m making a packet filterer running on Ubuntu 12.04 that uses libipq as a library to copy packets to user space. libipq’s logic works fine for me, my problem is that I’ve noticed that using libipq versus not using libipq has a significant impact on performance. If I remove the iptable rule added for my program and let the kernel process the packet, the speed is 50 MB/s. However, when using libipq and reverting my iptables rules, the speed drops to 1 MB/s (if I’m lucky), which is usually only half.

I wonder, will there be a problem with my iptable rules? Is it possible to use the rules more efficiently, or is libipq just that inefficient (or my code, even though I don’t do that much)? This is the script I used to set iptable rules:

#!/bin/sh
modprobe iptable_filter
modprobe ip_queue
iptables -A FORWARD -p icmp -j QUEUE
iptables -A FORWARD -p tcp -j QUEUE
iptables -A FORWARD -p udp-j QUEUE
iptables -A INPUT -p icmp -j QUEUE
iptables -A INPUT -p tcp -j QUEUE
iptables -A INPUT -p udp -j QUEUE

Other than that, my iptable rules are the default settings that come with Ubuntu.

Note: My setup is for client and server VMs on two different subnets and bridged using NAT and IP masquerading using my Ubuntu VMs.

Libipq has been deprecated and replaced by a newer libnetfilter_queue