* [LARTC] u32 match versus iptables CLASSIFY target - performance
@ 2006-01-30 12:15 Cristian Carstea
2006-01-30 12:28 ` Dmytro O. Redchuk
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Cristian Carstea @ 2006-01-30 12:15 UTC (permalink / raw)
To: lartc
hello,
i have a question:
- which one is faster: "tc filter with u32 match per dst ip" or "iptables
match per dst ip with target CLASSIFY"?
- this question is for large rulesets (over 500)
thank you,
cristian carstea
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [LARTC] u32 match versus iptables CLASSIFY target - performance
2006-01-30 12:15 [LARTC] u32 match versus iptables CLASSIFY target - performance Cristian Carstea
@ 2006-01-30 12:28 ` Dmytro O. Redchuk
2006-01-30 15:44 ` Cristian Carstea
2006-01-30 16:08 ` Dmytro O. Redchuk
2 siblings, 0 replies; 4+ messages in thread
From: Dmytro O. Redchuk @ 2006-01-30 12:28 UTC (permalink / raw)
To: lartc
On Mon, Jan 30, 2006 at 02:15:02PM +0200, Cristian Carstea wrote:
> hello,
>
> i have a question:
> - which one is faster: "tc filter with u32 match per dst ip" or "iptables
> match per dst ip with target CLASSIFY"?
> - this question is for large rulesets (over 500)
use hashes if it's possible to hash those "ip dst".
>
> thank you,
> cristian carstea
--
_,-=._ /|_/|
`-.} `=._,.-=-._., @ @._,
`._ _,-. ) _,.-'
` G.m-"^m`m' Dmytro O. Redchuk
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [LARTC] u32 match versus iptables CLASSIFY target - performance
2006-01-30 12:15 [LARTC] u32 match versus iptables CLASSIFY target - performance Cristian Carstea
2006-01-30 12:28 ` Dmytro O. Redchuk
@ 2006-01-30 15:44 ` Cristian Carstea
2006-01-30 16:08 ` Dmytro O. Redchuk
2 siblings, 0 replies; 4+ messages in thread
From: Cristian Carstea @ 2006-01-30 15:44 UTC (permalink / raw)
To: lartc
> On Mon, Jan 30, 2006 at 02:15:02PM +0200, Cristian Carstea wrote:
>> hello,
>>
>> i have a question:
>> - which one is faster: "tc filter with u32 match per dst ip" or
"iptables match per dst ip with target CLASSIFY"?
>> - this question is for large rulesets (over 500)
>
> use hashes if it's possible to hash those "ip dst".
can you please detail this a little?
thank you,
cristian carstea
>
>>
>> thank you,
>> cristian carstea
>
> --
> _,-=._ /|_/|
> `-.} `=._,.-=-._., @ @._,
> `._ _,-. ) _,.-'
> ` G.m-"^m`m' Dmytro O. Redchuk
>
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [LARTC] u32 match versus iptables CLASSIFY target - performance
2006-01-30 12:15 [LARTC] u32 match versus iptables CLASSIFY target - performance Cristian Carstea
2006-01-30 12:28 ` Dmytro O. Redchuk
2006-01-30 15:44 ` Cristian Carstea
@ 2006-01-30 16:08 ` Dmytro O. Redchuk
2 siblings, 0 replies; 4+ messages in thread
From: Dmytro O. Redchuk @ 2006-01-30 16:08 UTC (permalink / raw)
To: lartc
On Mon, Jan 30, 2006 at 05:44:17PM +0200, Cristian Carstea wrote:
>
> > On Mon, Jan 30, 2006 at 02:15:02PM +0200, Cristian Carstea wrote:
> >> hello,
> >>
> >> i have a question:
> >> - which one is faster: "tc filter with u32 match per dst ip" or
> "iptables match per dst ip with target CLASSIFY"?
> >> - this question is for large rulesets (over 500)
> >
> > use hashes if it's possible to hash those "ip dst".
>
> can you please detail this a little?
Mmmm... With my english..
Try this:
http://lartc.org/howto/lartc.adv-filter.hashing.html
-------
You can filter packets with hash table, you can cascade hashes.
Each cell in hash table can contain many filters (it seems not to be
stated in the HOWTO; but it's possible an it's great).
>
> thank you,
> cristian carstea
--
_,-=._ /|_/|
`-.} `=._,.-=-._., @ @._,
`._ _,-. ) _,.-'
` G.m-"^m`m' Dmytro O. Redchuk
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2006-01-30 16:08 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-01-30 12:15 [LARTC] u32 match versus iptables CLASSIFY target - performance Cristian Carstea
2006-01-30 12:28 ` Dmytro O. Redchuk
2006-01-30 15:44 ` Cristian Carstea
2006-01-30 16:08 ` Dmytro O. Redchuk
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.