On Friday 2010-07-02 05:32, Simon Lodal wrote:
>>
>> This patchset adds the xtables2 main proper, and incrementally
>> changes ip6_tables to use it. There are more patches for iptables
>> and arptables and, but to not make it larger than needed, just this
>> much for now.
>>
>> Previously featured on http://lwn.net/Articles/345176/ .
>
>Nice to see some new development! Guess we all have a long wishlist that is
>hard to implement in the current design, and this may make it easier.
>
>But what about performance? I think all these lists must cause a huge amount
>of jumps in hot path (e.g. filtering packets). The packed blob format is hard to
>work with, but once created it is efficient. Do you have any expectations or
>even numbers on the performance?

Your suspicion was right, linked lists seem to have their impact.
The command I used was

    ping6 localhost -fc 500 -i .001

this sends 500 packets in near-flood fashion (-i0 would lead to packet
drops).

Xtables1 blob-style 2.6.31-rc4:
    500 packets transmitted, 500 received, 0% packet loss, time 3532ms
    500 packets transmitted, 500 received, 0% packet loss, time 3428ms
    500 packets transmitted, 500 received, 0% packet loss, time 3388ms
    500 packets transmitted, 500 received, 0% packet loss, time 3339ms
    500 packets transmitted, 500 received, 0% packet loss, time 3219ms

Xtables1 blob-style 2.6.34:
    500 packets transmitted, 500 received, 0% packet loss, time 3405ms
    500 packets transmitted, 500 received, 0% packet loss, time 3525ms
    500 packets transmitted, 500 received, 0% packet loss, time 3426ms
    500 packets transmitted, 500 received, 0% packet loss, time 3388ms
    500 packets transmitted, 500 received, 0% packet loss, time 3328ms

Xtables2 (linked lists) 2.6.35-rc1:
    500 packets transmitted, 500 received, 0% packet loss, time 14775ms
    500 packets transmitted, 500 received, 0% packet loss, time 14383ms
    500 packets transmitted, 500 received, 0% packet loss, time 14381ms
    500 packets transmitted, 500 received, 0% packet loss, time 15432ms
    500 packets transmitted, 500 received, 0% packet loss, time 14498ms

nftables (uses linked lists) 2.6.31-rc4:
    500 packets transmitted, 500 received, 0% packet loss, time 16198ms
    500 packets transmitted, 500 received, 0% packet loss, time 16128ms
    500 packets transmitted, 500 received, 0% packet loss, time 16492ms
    500 packets transmitted, 500 received, 0% packet loss, time 16451ms
    500 packets transmitted, 500 received, 0% packet loss, time 16475ms

Well I guess Xt2 isn't the total backlight :-)
Do you have any suggestions for improvement though?