On Tuesday 2010-06-22 07:41, Nishit Shah wrote:
>> On Monday 2010-06-21 17:18, krunal patel wrote:
>>>>> iptables -A FORWARD -m set ! --set testip src
>>>>> iptables -A FORWARD -m set ! --set testip src
>>>>> iptables -A FORWARD -m set --set testip src
>>
>> No question that reevaluating the same thing over and over
>> increases runtime...
>
>Well, that is not the case. With 2.6.18.8 latency is same as 6 msecs.

I think what you see could be noise. See commit
848484c08cb4ad161074262994410387585259ff in xtables-addons.
There I needed 3000 ping packets (sent with ping -f) *and*
a linear search of 10000 ranges to get above 2000 msec
overhead for a single rule.