From: Ed Wildgoose
Date: Sun, 23 May 2004 22:30:57 +0000
Subject: Re: [LARTC] MARK causes high CPU usage / using tc in conjunction
Message-Id: <40B12621.2010304@wildgooses.com>
References: <40AFC555.1010900@digis.net>
In-Reply-To: <40AFC555.1010900@digis.net>
To: lartc@vger.kernel.org

>Well, if you have 3000+ rules like that, it will certainly slow you down.
>You should use some kind of hashing. How that is done for tc filters,
>is described here: http://www.lartc.org/lartc.html#LARTC.ADV-FILTER.HASHING
>
>Apply the same (or a similar) mechanism to your iptables ruleset and
>you should get improved speeds.

If he wanted to keep the system of using iptables to classify and tc to
filter, then couldn't he look at using separate filter chains to
decrease the search space? Also, what about using return rules to speed up
the search times in a given filter chain?

I think his point was actually that it was not a CPU issue without
adding that one particular rule. But perhaps you will have more success
asking on the iptables list?

Good luck

Ed W
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
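
The chain-splitting and RETURN idea raised in this message, as an added example that is not part of the original post: a generator that turns a flat host-to-mark list into per-/24 sub-chains in `iptables-restore` format. The /24 grouping, the `net_A_B_C` chain names and the sample hosts and marks are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample input, one "<host-ip> <fwmark>" pair per line.
sample_hosts() {
cat <<'EOF'
10.0.1.5 105
10.0.1.9 109
10.0.2.7 207
10.0.2.8 208
10.0.3.1 301
EOF
}

# Print iptables-restore input for the mangle table: one dispatch rule per
# /24 in PREROUTING, and the per-host MARK rules in a sub-chain per /24.
gen_mark_rules() {
    awk '
    NF == 2 {
        split($1, o, ".")
        chain = "net_" o[1] "_" o[2] "_" o[3]      # hypothetical naming scheme
        if (!(chain in seen)) {
            seen[chain] = 1
            order[++n] = chain
            cidr[chain] = o[1] "." o[2] "." o[3] ".0/24"
        }
        # MARK does not stop traversal, so a RETURN rule ends the scan on a hit.
        body[chain] = body[chain] "-A " chain " -s " $1 "/32 -j MARK --set-mark " $2 "\n"
        body[chain] = body[chain] "-A " chain " -s " $1 "/32 -j RETURN\n"
    }
    END {
        print "*mangle"
        print ":PREROUTING ACCEPT [0:0]"
        # Chains are declared before any rule that jumps to them.
        for (i = 1; i <= n; i++) print ":" order[i] " - [0:0]"
        for (i = 1; i <= n; i++)
            print "-A PREROUTING -s " cidr[order[i]] " -j " order[i]
        for (i = 1; i <= n; i++) printf "%s", body[order[i]]
        print "COMMIT"
    }'
}

# A packet now crosses the dispatch rules plus one sub-chain, not every host rule.
sample_hosts | gen_mark_rules
```

Loading the output with `iptables-restore` replaces the existing mangle table unless `--noflush` is given, so check it with `iptables-restore --test` first.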