All of lore.kernel.org
 help / color / mirror / Atom feed
From: Andy Furniss <andy.furniss@dsl.pipex.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Too slow computer?
Date: Tue, 09 Aug 2005 17:46:34 +0000	[thread overview]
Message-ID: <42F8EBFA.2020309@dsl.pipex.com> (raw)
In-Reply-To: <20050809165318.29066.qmail@web32604.mail.mud.yahoo.com>

Andreas Klauer wrote:
> On Tuesday 09 August 2005 18:53, panca sorin wrote:
> 
>>I have about 1650 preffered destination networks listed in some file. The
>>script read this file and marks every package for those networks with
>>the mark value of 1.
> 
> 
> If you have a lot of IPs in this list, a hashed approach might work faster. 
> See LARTC Howto, 12.4 Hashing filters. Although it describes tc filters, 
> approach should be similar for iptables. Furthermore, using CONNMARK might 
> speed things up. With it, you can skip testing packets of connections that 
> already matched (and, if used right, you can also skip packets of 
> connections that don't match as well). There are also patches that allow 
> bitwise modification of mark values.
> 
> You can get this stuff from www.netfilter.org, the patches are in pom-ng.

Look for ipset if the list is random.

http://people.netfilter.org/kadlec/ipset/

--and-mark and --or-mark are part of main iptables now

Andy.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

  parent reply	other threads:[~2005-08-09 17:46 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-08-09 16:53 [LARTC] Too slow computer? panca sorin
2005-08-09 17:12 ` Andreas Klauer
2005-08-09 17:46 ` Andy Furniss [this message]
2005-08-09 21:31 ` panca sorin
2005-08-11 16:10 ` Andy Furniss

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=42F8EBFA.2020309@dsl.pipex.com \
    --to=andy.furniss@dsl.pipex.com \
    --cc=lartc@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.