From: Andy Furniss
Date: Tue, 09 Aug 2005 17:46:34 +0000
Subject: Re: [LARTC] Too slow computer?
Message-Id: <42F8EBFA.2020309@dsl.pipex.com>
References: <20050809165318.29066.qmail@web32604.mail.mud.yahoo.com>
In-Reply-To: <20050809165318.29066.qmail@web32604.mail.mud.yahoo.com>
To: lartc@vger.kernel.org

Andreas Klauer wrote:
> On Tuesday 09 August 2005 18:53, panca sorin wrote:
>
>>I have about 1650 preferred destination networks listed in some file. The
>>script reads this file and marks every package for those networks with
>>the mark value of 1.
>
> If you have a lot of IPs in this list, a hashed approach might work faster.
> See LARTC Howto, 12.4 Hashing filters. Although it describes tc filters,
> the approach should be similar for iptables. Furthermore, using CONNMARK might
> speed things up. With it, you can skip testing packets of connections that
> already matched (and, if used right, you can also skip packets of
> connections that don't match as well). There are also patches that allow
> bitwise modification of mark values.
>
> You can get this stuff from www.netfilter.org, the patches are in pom-ng.

Look for ipset if the list is random.

http://people.netfilter.org/kadlec/ipset/

--and-mark and --or-mark are part of main iptables now

Andy.
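The two suggestions in this thread (one hashed set lookup via ipset, and CONNMARK so that only the first packet of a connection is tested) can be combined as in the following added example, which is not part of the original messages. It assumes current ipset/iptables syntax (`hash:net`, `--match-set`), a hypothetical set name `preferred`, a hypothetical list file `networks.txt`, and mark 2 as a "checked, not in list" value; mark 1 is the value from the original question.

```shell
#!/bin/sh
# Constructed sample list (documentation ranges); the real file has ~1650 entries.
sample_networks() {
cat <<'EOF'
# preferred destinations
192.0.2.0/24
198.51.100.0/25   # trailing comment
192.0.2.0/24

203.0.113.64/26
not-a-network
EOF
}

# Emit `ipset restore` input on stdout from a network list on stdin.
# Comments, blanks, duplicates and anything that is not IPv4[/len] are dropped.
gen_ipset() {
    set_name=$1
    echo "create $set_name hash:net family inet"
    sed -e 's/#.*//' -e 's/[[:space:]]//g' |
        grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' |
        sort -u |
        while read -r net; do echo "add $set_name $net"; done
}

# Emit `iptables-restore` input for the mangle table.
# hit = mark for listed destinations, miss = mark recording "already checked".
gen_mangle() {
    set_name=$1; hit=$2; miss=$3
    cat <<EOF
*mangle
:FORWARD ACCEPT [0:0]
# Copy the connection's mark onto the packet; non-zero means already classified.
-A FORWARD -j CONNMARK --restore-mark
-A FORWARD -m mark ! --mark 0 -j ACCEPT
# First packet of a connection only: one hashed set lookup instead of ~1650 rules.
-A FORWARD -m set --match-set $set_name dst -j MARK --set-mark $hit
-A FORWARD -m mark --mark 0 -j MARK --set-mark $miss
# Remember the verdict so later packets of this connection stop at the ACCEPT above.
-A FORWARD -j CONNMARK --save-mark
COMMIT
EOF
}

# Print both files for inspection. To apply as root (not done here):
#   gen_ipset preferred < networks.txt | ipset restore
#   gen_mangle preferred 1 2 | iptables-restore --noflush
sample_networks | gen_ipset preferred
gen_mangle preferred 1 2
```

Reply packets inherit the connection's mark through `--restore-mark`, so whether they should carry mark 1 depends on how the shaping classes use it.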