On Thu, 2008-07-03 at 14:42 +0200, Patrick McHardy wrote: > Please work this out among yourselves. I think we should just pick > the faster one since both don't look very intrusive. Well, Jesper's version doesn't build any extra data-structures, so you save time&space there, and the offsets stuff is really only needed once, so the chain_index rebuilding penalty doesn't play a role. And since about 2/3s of time it takes to load my 50k Chains now is system time, it's probably irrelevant whether 0 + O(n * (log(n/40)+40)) is sometimes larger than O(n+n/1024) + O(log(n)). Mine vs. Jesper's: iptables-restore (50k chains, 120k rules), average for 10 runs: User: 2.558 s - System: 8.672 s - Total : 11.222 s vs User: 2.622 s - System: 8.520 s - Total : 11.140 s iptables -vnL SOMECHAIN (2 entries, with the above ruleset in kernel), average for 20 runs User: .094 s - System: .363 s - Total : .455 s vs User: .085 s - System: .389 s - Total : .472 s Those numbers are all within the standard deviations of each other, so there is no difference for practical purposes, I think :-) I would use Jesper's patch. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
