On Thursday 2008-05-15 11:21, Anton wrote:
>Regarding the performance of the lookup of the iptables
>rules for match inside the kernel, are there any plans to
>improve the behaviour or no plans in this area yet?
>
>For example on the transit gateway I have ~500 rules which
>mark the packet, according to the client source IP - with
>unique mark per client IP - so I have 500 unique marks
>there, and so cannot use IPSET, and only IPTABLES - but
>it's known that iptables insert/lookup is very slow on huge
>rulesets (at least with iptables 1.3.x) and slowness
>progresses approximately exponentially on growth of rules
>number.
>
>Do I miss anything?

You missed IPMARK from Xtables-addons which does the marking in
O(1) instead of O(n).
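An added example (not part of the original thread, and not xtables-addons code): a Python model contrasting one MARK rule per client with a mark derived from the address itself, which is what IPMARK's `--and-mask` and `--or-mask` options compute. The client range and mask values are constructed for illustration; the `collisions` helper checks the caveat that derived marks stay unique only while the mask keeps enough address bits.

```python
import ipaddress

def linear_mark(rules, src):
    """Model of one MARK rule per client: first match wins.

    Returns (mark, rules_checked); the cost grows with the rule count.
    """
    for checked, (addr, mark) in enumerate(rules, start=1):
        if addr == src:
            return mark, checked
    return None, len(rules)

def ipmark(src, and_mask=0xFFFFFFFF, or_mask=0):
    """Model of an address-derived mark: AND the address, then OR a constant.

    192.168.0.1 is treated as 0xc0a80001; the work is the same for any
    number of clients because no rule list is walked.
    """
    return (int(ipaddress.IPv4Address(src)) & and_mask) | or_mask

def collisions(clients, and_mask, or_mask=0):
    """Return {mark: [clients]} for every mark shared by more than one client."""
    seen = {}
    for client in clients:
        seen.setdefault(ipmark(client, and_mask, or_mask), []).append(client)
    return {mark: ips for mark, ips in seen.items() if len(ips) > 1}

# Constructed sample: 500 clients starting at 10.0.0.1 (hypothetical addressing).
CLIENTS = [str(ipaddress.IPv4Address("10.0.0.1") + i) for i in range(500)]
# One (source address, mark) rule per client, as in the setup described above.
RULES = [(ip, n) for n, ip in enumerate(CLIENTS, start=1)]

if __name__ == "__main__":
    last = CLIENTS[-1]
    print("per-client rules (mark, rules checked):", linear_mark(RULES, last))
    print("derived mark:", hex(ipmark(last, 0xFFFF, 0x10000)))
    # A 16-bit mask covers this range; an 8-bit mask makes clients share marks.
    print("shared marks with 0xffff:", len(collisions(CLIENTS, 0xFFFF)))
    print("shared marks with 0x00ff:", len(collisions(CLIENTS, 0x00FF)))
```

Before relying on derived marks for per-client accounting or shaping, run the collision check over the real client list with the intended mask.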