Re: Benchmark - Michael Gale

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Michael Gale <michael.gale@utilitran.com>
To: netfilter@lists.netfilter.org
Subject: Re: Benchmark
Date: Tue, 13 Jul 2004 15:17:47 -0600	[thread overview]
Message-ID: <20040713151747.5af1ef20@mgalepc.utilitran.com> (raw)
In-Reply-To: <1089752682.6507.7.camel@aflores>

Hello,

	Well I am not expert but I think that user chains could improve performance. If you had in total 1000 rules and no user
chains, a packet may have to go through 999 rules to find a match or no match. If you broke up your 1000 rules into 25
different user chains a packet would at most have to be matched against 24 user chains and then only be checked against
required chains and not other rules.

Michael.


On Tue, 13 Jul 2004 18:04:43 -0300
Alejandro Flores <alejandro.flores@triforsec.com.br> wrote:

> 	Hello there,
> 
> 	Well, I've been teaching netfilter/iptables for a while, and always
> there's someone asking about performance. Normally, they use other kind
> of firewall, like cisco pix or checkpoint. Is there any benchmark out
> there?
> 	Another point is, how much user-chains can degrade the performance?
> IMHO, user chains are simple the best to help you organize and separate
> rules in groups. But, how can I measure if it's degrading the
> performance?
> 
> Thanks!
> Alejandro
> 
> Ps. Sorry my poor english!
> 
> 
> 
> 
> 


-- 
Michael Gale
Network Administrator
Utilitran Corporation

next prev parent reply	other threads:[~2004-07-13 21:17 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-07-13 21:04 Benchmark Alejandro Flores
2004-07-13 21:17 ` Michael Gale [this message]
2004-07-13 21:32   ` Benchmark Alejandro Flores
2004-07-14  1:41     ` Benchmark Julian Gomez
  -- strict thread matches above, loose matches on Subject: below --
2010-01-11 13:28 benchmark michel m
2010-01-12  5:26 ` benchmark Casey Schaufler
2004-10-07 12:53 benchmark Lorenzo PARISI
1998-07-19 15:35 benchmark Francis M. J. Hsieh
     [not found] ` <19980719183508.16421@uni-koblenz.de>
1998-07-19 16:38   ` benchmark Francis M. J. Hsieh
     [not found]     ` <19980719185452.26463@uni-koblenz.de>
1998-07-19 17:25       ` benchmark Francis M. J. Hsieh

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20040713151747.5af1ef20@mgalepc.utilitran.com \
    --to=michael.gale@utilitran.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.