[prev in list] [next in list] [prev in thread] [next in thread]
List: netfilter-devel
Subject: About matching
From: Wang Jian <lark () linux ! net ! cn>
Date: 2005-04-06 16:12:19
Message-ID: 20050407000158.02AA.LARK () linux ! net ! cn
[Download RAW message or body]
Hi,
I haven't looked into code on how these two rules are evaluated
iptables <match rule 1> -j CONNMARK --set-mark value/mask
iptables <match rule 1> -j RETURN
How many times the match rule 1 is evaluated when matched? If two, then
the second time is waste of CPU cycle.
Then think these three
iptables <match rule 1> -j CONNMARK --set-mark value/mask
iptables <match rule 1> -j CONNMARK --restore --mask mask
iptables <match rule 1> -j RETURN
Are there any optimization for such case?
--
lark
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic