On Tue, Nov 08, 2011 at 04:12:27PM +0100, Hans Schillstrom wrote: > >BTW, do you have some number of this running with and without > >conntrack? It would be interesting to have. > > I didn't save them, but I can make a new benchmark later on. Thanks, I'm interested in them. It can be just xt_HMARK with and without conntrack enabled. Also make sure that you use stateful rule-set if conntrack is enabled (thus, resulting in hashing only once, not every packet). Otherwise, conntrack will not provide any improvement. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
