hi,

These tests were done about 3 years ago, with one P3 system and in the graphical environment of Fedora C4.
I redid these tests in CentOS with a DualCore 2GHz processor..

New version takes about 18s - user: 4s, kernel: 14s
Current version takes about 2m

but..

>> # time iptables-restore 10000.rules
>>
>> real 0m0.120s
>> user 0m0.079s
>> sys 0m0.039s
>
> Comparing iptables-restore batches isn't that interesting as a
> performance point, other than when testing libiptc for stupidities..

yes, the iptables-restore and iptables-save commands are batch mode commands (because of the coding style of the current version, but not in this new version), and not good checks for performance in the interactive environment.. in the real world, they may be used at system startup & shutdown..

> I'd say there is something wrong in the time measurements presented on
> the web site
>
> real (total) time: 5m11.622s
> user space time: 0m12.242s
> kernel space time: 0m17.609s
>
> 12s user + 17s kernel is nowhere near 5m real time..

maybe, I don't remember those days well, but it may be the waiting times because of system load..

>
> A more interesting test is to show the iptables time for single rule
> modifications as a function of the ruleset size.
>

yes, e.g. when we have 10,000 rules and we want to Replace one.. I will test this.. I think the best feature of this version is the classification algorithms..

be happy
--
Ya Ali.
H.T.