[prev in list] [next in list] [prev in thread] [next in thread]
List: netfilter
Subject: Re: performance
From: bof () oknodo ! bof ! de
Date: 2000-07-27 5:47:39
[Download RAW message or body]
> 64kb 0.01s 0.01s 0.01s 0.01s
...
> 16Mb 19.82s 19.981s s 19.949s s 19.955s s
>
> i can't seem to find any relationship in these readings :(
> is there anything that i have done wrongly?
Some possibilities out of my magic hat:
- you did not give us the exact testing methodology.
- most of the tests run so short (if your numbers are seconds) that
they won't be statistically meaningful anyway.
- your table, even at 40 entries, is so short that you probably
have everything running in caches, or something.
- look at all the other code in the IP stack. iptables is a small part.
- you may want to vary several parameters in your test setup:
- use a lot more rules than 40 (I'd do an exponential test
with 64, 128, 256, 512, and 1024 rules).
- let each dummy rule jump to a subchain.
- let each dummy rule jump to its own subchain.
- use one, two, and more extended matches (-m something)
in addition to the easy IP address matching.
I think that with 1024 rules all jumping needlessly to their own
subchains after checking for some -m things, you will clearly see
a slowdown. If not, just add another 1024 rules to each of the
dummy subchains...
regards
Patrick
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic