On Tuesday 2010-06-22 11:53, Jozsef Kadlecsik wrote:
>> > >Well, that is not the case. With 2.6.18.8 latency is same as 6 msecs.
>> >
>> > I think what you see could be noise.
>> >
>> > See commit 848484c08cb4ad161074262994410387585259ff in
>> > xtables-addons. There I needed 3000 ping packets (sent with ping -f)
>> > *and* a linear search of 10000 ranges to get above 2000 msec overhead
>> > for a single rule.
>>
>> The impact of one more rule should be negligible. Something is bad there,
>> but we know too little on the setup, the configuration: what kind of
>> architecture, hardware you run the testing? What do you get when you
>> replace the rules with similar ones but with pure "-s src" matching, i.e.
>> without calling ipset? And it'd be good if you'd test a recent kernel as
>> well. 2.6.27 is almost two years old.
>
>I meant by "you" the OP, that is Krunal. :-)

I know, but that does not stop me from adding related information anyway.