- Subject: Re: ipables and caching
- From: Jan Engelhardt <jengelh@xxxxxxxxxx>
- Date: Mon, 30 Jan 2012 01:00:25 +0100 (CET)
- Cc: Mail List - Netfilter <netfilter@xxxxxxxxxxxxxxx>
- In-reply-to: <9B90546135A9F09A0A6271DF@Ximines.local>
- User-agent: Alpine 2.01 (LNX 1266 2009-07-14)

On Friday 2012-01-27 14:11, Alex Bligh wrote:
>
>>> I have a legacy application which forwards lots of packets (router,
>>> essentially) and uses a lot of sometimes badly written autogenerated
>>> iptables rules (about 3,000 of them).
>>>
>>> I am seeing on a good day high route cache efficiency. Do packets
>>> which do not follow the slow path (i.e. cache hits) also cache
>>> what iptables rules they hit? Nothing fancy in use bar conn_track.
>>
>> Whether the route lookup was satisfied by cache or not plays no role
>> for Xtables execution.
>
>Thanks. I don't suppose you know of any work on caching iptables lookups

That would not quite work with e.g. matches that change depending on the
moonphase, such as -m statistic --mode nth.

>or non-linearising lookups? I am thinking of rules in the FORWARD chain which
>either select by source prefix or interface (or the destination equivalent)
>and if the criterion is met, jump to another rule.

Partly by use of ipset.
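
The ipset approach mentioned in the reply, as an added example that is not part of the original thread: per-prefix rules of the form `-s <prefix> -j <chain>` are collapsed into one `hash:net` set and one `-m set` rule per target chain, so the FORWARD chain is walked once per chain instead of once per prefix. The prefixes, the chain names `cust_a`/`cust_b` and the `src_` set-name prefix are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: "source-prefix target-chain" pairs standing in for
# autogenerated rules of the form
#   iptables -A FORWARD -s <prefix> -j <chain>
sample_rules() {
cat <<'EOF'
192.0.2.0/25 cust_a
192.0.2.128/25 cust_a
198.51.100.0/24 cust_b
203.0.113.0/26 cust_a
203.0.113.64/26 cust_b
EOF
}

# Emit input for `ipset restore`: one hash:net set per target chain.
# Assumes set names stay within ipset's 31-character limit.
gen_ipset() {
    awk 'NF == 2 {
        set = "src_" $2
        if (!(set in seen)) {
            seen[set] = 1
            print "create " set " hash:net family inet"
        }
        print "add " set " " $1
    }'
}

# Emit the replacement FORWARD rules (iptables-save rule syntax):
# one hashed set match per target chain, in order of first appearance.
# Assumes prefixes that jump to different chains do not overlap; if they
# do, the first-match order of the original linear rules is not preserved.
gen_iptables() {
    awk 'NF == 2 && !($2 in seen) {
        seen[$2] = 1
        print "-A FORWARD -m set --match-set src_" $2 " src -j " $2
    }'
}

# Print both outputs; nothing is applied to the running system.
sample_rules | gen_ipset
sample_rules | gen_iptables
```

The reduction is only partial when nearly every prefix jumps to its own chain, because each distinct target still needs its own rule.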