From: Steve Bergman <steve@rueb.com>
To: linux-kernel@vger.kernel.org
Subject: Performance of iptables-restore on large rule sets
Date: Fri, 28 Jan 2005 12:56:30 -0600 [thread overview]
Message-ID: <41FA8ADE.6080708@rueb.com> (raw)
I have a large rule set (~53000 rules) that I sometimes load using
iptables-restore. (It takes almost an hour.
Googling around tells me that the loop detection code in the kernel is
slow with large rule sets. The only thing that seems odd to me is that
throughout the entire loading process, iptables-restore is consistently
at about 67% user and33% system processor time according to vmstat. If
the slowness is in the kernel, shouldn't I be seeing a high and ever
increasing amount of "system" time?
Kernel is 2.6.9-1.681_FC3. Iptables is iptables-1.2.11-3.1.FC3.
Thanks for any insights,
Steve Bergman
next reply other threads:[~2005-01-28 19:03 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-01-28 18:56 Steve Bergman [this message]
2005-01-28 19:19 ` Performance of iptables-restore on large rule sets Martin Josefsson
2005-01-31 23:06 ` Harald Welte
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=41FA8ADE.6080708@rueb.com \
--to=steve@rueb.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox