Am Monday 24 May 2004 00:30 schrieb Ed Wildgoose: > If he wanted to keep the system of using iptables to classify and tc to > filter, then couldn't he look at using seperate filter chains to > decrease the search space? Is there any other way to implement iptables hashing than using new chains? I can't think of any right now. > Also, what about using return rules to speedup the search times in a > given filter chain? If you mean adding one return rule after every match test, then only if that doesn't require testing the same thing twice. Since otherwise you'll double the number of tests for all packets that don't match at all or match to the last rule. > I think his point was actually that it was not a CPU issue without > adding that one particular rule. But perhaps you will have more success > asking on the iptables list? If it is one *single* rule, then I'd consider this a bug. If it's the same rule 3000+ times, then it's probably normal, depending on the cost of that particular test. Andreas _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
