On mån, 2008-07-07 at 10:06 +0200, Jan Engelhardt wrote: > On Monday 2008-07-07 05:32, hamid jafarian wrote: > > > >To see Ver1.0 Features and throughput tests: http://iptablestng.sourceforge.net/ > > > "Adding 10000 rules" taking 5 minutes 11 seconds. > That's a hilarious joke still, because you should not be using iptables > for that; at least not now. > > # time iptables-restore 10000.rules > > real 0m0.120s > user 0m0.079s > sys 0m0.039s I'd say there is something wrong in the time measurements presented on the web site real (total) time: 5m11.622s user space time: 0m12.242s kernel space time: 0m17.609s 12s user + 17s kernel is nowhere near 5m real time.. A more interesting test is to show the iptables time for single rule modifications as a function of the ruleset size. Comparing iptables-restore batches isn't that interesting as a performance point, other than when testing libiptc for stupidities.. Regards Henrik
Attachment:
signature.asc
Description: This is a digitally signed message part
