Re: xt2 table core

Jan Engelhardt wrote:
On Friday 2010-07-02 05:32, Simon Lodal wrote:
This patchset adds the xtables2 main proper, and incrementally
changes ip6_tables to use it. There are more patches for iptables
and arptables, but to not make it larger than needed, just this
much for now.

Previously featured on http://lwn.net/Articles/345176/ .
Nice to see some new development! Guess we all have a long wishlist that is hard to implement in the current design, and this may make it easier.

But what about performance? I think all these lists must cause a huge amount of jumps in hot path (e.g. filtering packets). The packed blob format is hard to work with, but once created it is efficient. Do you have any expectations or even numbers on the performance?

Your suspicion was right, linked lists seem to have their impact.

The command I used was

	ping6 localhost -fc 500 -i .001

this sends 500 packets in near-flood fashion (-i0 would lead to
packet drops).

Xtables1 blob-style 2.6.31-rc4:
500 packets transmitted, 500 received, 0% packet loss, time 3532ms
500 packets transmitted, 500 received, 0% packet loss, time 3428ms
500 packets transmitted, 500 received, 0% packet loss, time 3388ms
500 packets transmitted, 500 received, 0% packet loss, time 3339ms
500 packets transmitted, 500 received, 0% packet loss, time 3219ms

Xtables1 blob-style 2.6.34:
500 packets transmitted, 500 received, 0% packet loss, time 3405ms
500 packets transmitted, 500 received, 0% packet loss, time 3525ms
500 packets transmitted, 500 received, 0% packet loss, time 3426ms
500 packets transmitted, 500 received, 0% packet loss, time 3388ms
500 packets transmitted, 500 received, 0% packet loss, time 3328ms

Xtables2 (linked lists) 2.6.35-rc1:
500 packets transmitted, 500 received, 0% packet loss, time 14775ms
500 packets transmitted, 500 received, 0% packet loss, time 14383ms
500 packets transmitted, 500 received, 0% packet loss, time 14381ms
500 packets transmitted, 500 received, 0% packet loss, time 15432ms
500 packets transmitted, 500 received, 0% packet loss, time 14498ms

While this is probably a pretty bad test, you can't seriously expect
me to merge something that degrades performance by 400% for all users?
