On Mon, Feb 06, 2017 at 07:47:47PM +0800, Liping Zhang wrote:
> From: Liping Zhang <zlpnobody@xxxxxxxxx>
>
> When using "-w" to avoid concurrent instances, we try to do flock() every
> one second until it succeeds. But one second may be too long in some
> situations, and it's hard to select a suitable interval time. So when
> using "iptables -w" to wait indefinitely, it's better to block until
> it succeeds.
>
> Now do some performance tests. First, flush all the iptables rules in
> filter table, and run "iptables -w -S" endlessly:
>   # iptables -F
>   # iptables -X
>   # while : ; do
>       iptables -w -S >&- &
>     done
>
> Second, after adding and deleting the iptables rules 100 times, measure
> the time cost:
>   # time for i in $(seq 100); do
>       iptables -w -A INPUT
>       iptables -w -D INPUT
>     done
>
> Before this patch:
>   real  1m15.962s
>   user  0m0.224s
>   sys   0m1.475s
>
> Apply this patch:
>   real  0m1.830s
>   user  0m0.168s
>   sys   0m1.130s

Also applied, thanks.
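The difference the quoted commit message measures, as an added example (not code from the patch or from iptables): a child process holds an exclusive flock() while the parent acquires the same lock either by retrying LOCK_NB on a fixed interval or with one blocking call. The lock path, function names and timings are constructed for illustration.

```c
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/file.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>
static double now(void) {
    struct timespec t;
    clock_gettime(CLOCK_MONOTONIC, &t);
    return t.tv_sec + t.tv_nsec / 1e9;
}
static void sleep_ms(int ms) {
    nanosleep(&(struct timespec){ ms / 1000, (ms % 1000) * 1000000L }, NULL);
}
/* A child holds an exclusive flock() on path for hold_ms, then the parent takes
 * it. poll_ms > 0: retry LOCK_NB every poll_ms (the polling the commit message
 * describes); poll_ms == 0: one blocking flock(). Returns seconds waited, or -1. */
double wait_for_lock(const char *path, int hold_ms, int poll_ms) {
    int ready[2]; char c;
    if (pipe(ready) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                          /* lock holder */
        int fd = open(path, O_CREAT | O_RDWR, 0600);
        if (fd < 0 || flock(fd, LOCK_EX) != 0) _exit(1);
        if (write(ready[1], "x", 1) != 1) _exit(1);   /* signal: lock is held */
        sleep_ms(hold_ms);
        _exit(0);                            /* exit closes fd and drops the lock */
    }
    close(ready[1]);
    int fd = open(path, O_CREAT | O_RDWR, 0600);
    if (fd < 0 || read(ready[0], &c, 1) != 1) return -1;
    double start = now();
    if (poll_ms == 0 && flock(fd, LOCK_EX) != 0) return -1;   /* sleeps in the kernel */
    while (poll_ms > 0 && flock(fd, LOCK_EX | LOCK_NB) != 0) {
        if (errno != EWOULDBLOCK) return -1;
        sleep_ms(poll_ms);                   /* lock may be free long before we retry */
    }
    double waited = now() - start;
    close(fd); close(ready[0]);
    waitpid(pid, NULL, 0);
    return waited;
}
int main(void) {
    const char *p = "/tmp/flock_demo.lock";  /* constructed path, not iptables' lock file */
    double polled = wait_for_lock(p, 200, 1000), blocked = wait_for_lock(p, 200, 0);
    return printf("poll 1s: %.2fs  blocking: %.2fs\n", polled, blocked) < 0;
}
```

With a 200 ms holder, the polling caller waits out its full retry interval while the blocking caller resumes as soon as the lock is released.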