[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    Re: performance
From:       bof () oknodo ! bof ! de
Date:       2000-07-27 5:47:39
[Download RAW message or body]

> 64kb            0.01s           0.01s           0.01s           0.01s
...
> 16Mb            19.82s          19.981s s       19.949s s       19.955s s
> 
> i can't seem to find any relationship in these readings :(
> is there anything that i have done wrongly?

Some possibilities out of my magic hat:
- you did not give us the exact testing methodology.
- most of the tests run so short (if your numbers are seconds) that
  they won't be statistically meaningful anyway.
- your table, even at 40 entries, is so short that you probably
  have everything running in caches, or something.
- look at all the other code in the IP stack. iptables is a small part.
- you may want to vary several parameters in your test setup:
	- use a lot more rules than 40 (I'd do an exponential test
	  with 64, 128, 256, 512, and 1024 rules).
	- let each dummy rule jump to a subchain.
	- let each dummy rule jump to its own subchain.
	- use one, two, and more extended matches (-m something)
	  in addition to the easy IP address matching.
  I think that with 1024 rules all jumping needlessly to their own
  subchains after checking for some -m things, you will clearly see
  a slowdown. If not, just add another 1024 rules to each of the
  dummy subchains...

regards
  Patrick

[prev in list] [next in list] [prev in thread] [next in thread]