From: Rusty Russell <rusty@rustcorp.com.au>
To: jamal <hadi@cyberus.ca>
Cc: netfilter-devel@lists.netfilter.org, netdev@oss.sgi.com
Subject: Re: TODO list before feature freeze
Date: Tue, 30 Jul 2002 08:14:09 +1000 [thread overview]
Message-ID: <20020729224724.91A3A4B7F@lists.samba.org> (raw)
In-Reply-To: Your message of "Mon, 29 Jul 2002 06:57:20 -0400." <Pine.GSO.4.30.0207290648020.12604-100000@shell.cyberus.ca>
In message <Pine.GSO.4.30.0207290648020.12604-100000@shell.cyberus.ca> you writ
e:
> > Connection tracking:
>
> Fix perfomance problems with this thing. You may have seen reports of
> performance degradation it introduces. I was hoping to take a look at some
> point time hasnt been visiting this side.
There are several simple things to do here. One is to improve the
hashing (fine for internet traffic, but frequently sucks under LAN
conditions), which is easy. The other is to modify the
one-timer-per-connection approach to a "sweep once a second, or when
full" approach.
Both these are simple patches, but I want to see benchmarks showing
that they improve things.
> > iptables:
> > o Change over to a netlink interface
> > o Back to add/delete/replace interface + commit.
> > o Rewrite libiptc to use netlink (to port iptables).
>
> I hope this resolves the current scheme where the whole
> add/delete/replace interface + commit happens in user space?
> If you use netlink it would make sense to do incremental updates to the
> kernel.
Yes, that's exactly the plan. It'd be more like the old-style
insert/delete (probably not replace), except with a "commit"
interface, implemented by copying the rules when they start modifying.
Hope that helps,
Rusty.
--
Anyone who quotes me in their sig is an idiot. -- Rusty Russell.
next prev parent reply other threads:[~2002-07-29 22:14 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-07-18 9:34 TODO list before feature freeze Rusty Russell
2002-07-19 7:39 ` Balazs Scheidler
2002-07-19 17:43 ` Michael Richardson
2002-07-29 10:57 ` jamal
2002-07-29 11:12 ` Andi Kleen
2002-07-29 11:23 ` jamal
2002-07-29 11:56 ` Andi Kleen
2002-07-29 15:40 ` Martin Josefsson
2002-07-29 16:15 ` Patrick Schaaf
2002-07-29 17:12 ` Martin Josefsson
2002-07-29 17:35 ` Nivedita Singhvi
2002-07-29 22:43 ` Martin Josefsson
2002-07-29 16:26 ` Patrick Schaaf
2002-07-29 16:31 ` Andi Kleen
2002-07-29 16:42 ` Patrick Schaaf
2002-07-29 16:45 ` Patrick Schaaf
2002-07-30 11:58 ` jamal
2002-07-30 12:27 ` Patrick Schaaf
2002-07-30 12:29 ` jamal
2002-07-30 13:06 ` Patrick Schaaf
2002-07-30 13:42 ` jamal
2002-07-30 13:08 ` Martin Josefsson
2002-07-30 15:54 ` Filip Sneppe (Cronos)
2002-07-29 15:25 ` Michael Richardson
2002-07-29 15:52 ` Patrick Schaaf
2002-07-29 20:51 ` Andi Kleen
2002-07-30 7:26 ` Patrick Schaaf
2002-07-29 22:14 ` Rusty Russell [this message]
2002-07-30 12:04 ` jamal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20020729224724.91A3A4B7F@lists.samba.org \
--to=rusty@rustcorp.com.au \
--cc=hadi@cyberus.ca \
--cc=netdev@oss.sgi.com \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).