From 7dda0ac981b62463f50ab3267a66d4d2222fc5dd Mon Sep 17 00:00:00 2001
From: Justin Pettit <jpettit@nicira.com>
Date: Wed, 29 Apr 2009 15:43:57 -0700
Subject: [PATCH] Fix policing performance issues with VIFs.

Policing is configured with the "tc" command.  By default, it picks up
the MTU from the interface having policy applied.  When a guest operating
systems is configured for segmentation offloading, the packets handed to
DOM0 may be substantially larger than the MTU.  The policing code was
dropping these packets, which caused performance to dive.  We now
configure policing with an MTU of 64K, which solves the problem.

Thanks to Ben for diagnosing the problem.
---
 lib/netdev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/netdev.c b/lib/netdev.c
index f1dd5c49..5704777c 100644
--- a/lib/netdev.c
+++ b/lib/netdev.c
@@ -1194,7 +1194,7 @@ netdev_get_stats(const struct netdev *netdev, struct netdev_stats *stats)
 }
 
 #define POLICE_ADD_CMD "/sbin/tc qdisc add dev %s handle ffff: ingress"
-#define POLICE_CONFIG_CMD "/sbin/tc filter add dev %s parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate %dkbit burst %dk drop flowid :1"
+#define POLICE_CONFIG_CMD "/sbin/tc filter add dev %s parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate %dkbit burst %dk mtu 65535 drop flowid :1"
 #define POLICE_DEL_CMD "/sbin/tc qdisc del dev %s handle ffff: ingress"
 
 /* Attempts to set input rate limiting (policing) policy. */
-- 
2.30.2