Initial loading of ruleset slower than subsequent tries

Hi @all,

I got myself a pretty strange situation here, that I am stuck at
debugging any further myself - not even sure if this might be expected
behavior.

Setup is the following:
- custom-built Linux kernel v4.14.137 (with preempt_rt patch, aarch64)
- nft v0.9.8 (and matching libraries)

One of the first things I do after entering userspace is loading a
rather simple ruleset (containing ~100 rules in 7 chains) via "nft -f
ruleset.conf".
I want to get this done even before setting up the network interfaces,
so it's just nft being executed - nothing else at this point in time.
What I observe here is a total setup time of about 300ms on the
initial call, but about 150ms on subsequent calls or when called again
later when the system is fully up and running (and even more loaded).
Most of the time is consumed during the sendmsg call to the kernel.

So my questions would be:
- Is a setup time of 300ms in line with what would be generally
expected for a small ruleset? Are there any reference values
available?
- What is happening behind the scenes that would explain the
difference between the first and the subsequent calls?

Regards, Martin


