The current if_bridge implementation contends heavily on a single BRIDGE_LOCK mutex. As a result it's limited to a little over 1 million packets per second, regardless of the number of cores in the system. This means, for small packets, it can just about saturate a 1Gbps link, but little more than that. The overall idea is to replace the single mutex by two read-mostly locks, one protecting the overall bridge, and a second to protect the forwarding table. The vast majority of packets will only require read locks, allowing multiple cores to pass packets over the bridge simultaneously.