From: Eddy Kvetny <eddy_kvetny@xxxxxxxxx> Date: Wed, 5 Apr 2006 07:03:05 -0700 (PDT) > Right after "insmod ip_conntrack.ko" the throughput > drastically falls to 28 kpps (-12 kpps or -30% !!!). Yes, this is pretty much what the cost of netfilter is for a router. This has been known and well understood for a long time, and solutions to this problem are not easy which is why there hasn't been any progress in this area to date.
