On Monday 2011-08-08 13:49, Pandu Poluan wrote:
>(forgot cc: list first time around)
>
>On Mon, Aug 8, 2011 at 14:51, Marek Kierdelewicz <marek@xxxxxxxxx> wrote:
>> Hi,
>>
>>>Has anyone ever researched the latency of xtables when a Linux box
>>>functions as a firewall?
>>
>> This paper is a nice read:
>> http://www.google.com/url?sa=t&source=web&cd=6&ved=0CE0QFjAF&url=http%3A%2F%2Fcourseware.ee.calpoly.edu%2F3comproject%2FPublished%2520Papers%2Fsecurity.pdf&rct=j&q=iptables%20netfilter%20latency%20paper%20pdf&ei=2pI_Tu-VKITJswbov5Qg&usg=AFQjCNFjUZwGHDhdBhtxwQgqlQbYCMjBFw&cad=rja
>>
>
>Whoa, very nice paper! Thanks for the link; my Google-fu failed to find that
>
>> It's very detailed on the issue of rule overhead (Conclusion 5.1 b).
>> Unfortunately paper is from 2002. Since then most of the code was
>> rewritten. Maybe we, as netfilter community, should lobby some
>> university professor to let his students do a *remake* of this
>> work ;-). Anyone here with ties to education sector?
>>
>
>A 'remake' would be okay, IMO, since both the hardware platform *and*
>the code itself have been evolving.
>
>Maybe with more test cases/scenarios, and a *huge* and/or complex
>iptables rules :-)

http://jengelh.medozas.de/documents/Love_for_blobs.pdf