From mboxrd@z Thu Jan 1 00:00:00 1970 From: KOVACS Krisztian Subject: Re: iptables performance and alternatives Date: Tue, 20 May 2008 09:42:09 +0200 Message-ID: <20080520074209.GA25258@sch.bme.hu> References: <200805151421.23862.anton.vazir@gmail.com> <20080515093413.GC3442@khasse.inl.fr> <1210854534.32691.11.camel@henriknordstrom.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: netfilter-devel@vger.kernel.org To: Henrik Nordstrom Return-path: Received: from centaur.sch.bme.hu ([152.66.208.5]:58874 "EHLO centaur.sch.bme.hu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756244AbYETHmM (ORCPT ); Tue, 20 May 2008 03:42:12 -0400 Content-Disposition: inline In-Reply-To: <1210854534.32691.11.camel@henriknordstrom.net> Sender: netfilter-devel-owner@vger.kernel.org List-ID: Hi Henrik, On Thu, May 15, 2008 at 02:28:54PM +0200, Henrik Nordstrom wrote: > > On Thursday, 2008 May 15 at 14:21:23 +0500, Anton wrote: > > > Regarding the performance of the lookup of the iptables > > > rules for match inside the kernel, is there any plans to > > > improve the behaviour or no plans in this area yet? > > > > Nf hipac is an alternative: http://www.hipac.org/ > > Unfortunately a somewhat dead one as MARA Systems after all has selected > to develop this privately in future, so it's quite unlikely NF-HiPAC > will see any significant updates unless someone else picks up the > project. Really sad - although I can understand why they did this. BTW, would there be any interest in at least getting the last published version compile and work on recent kernels? -- KOVACS Krisztian