LARTC - Dec 2002 - u32 and netfilter

Hi, All,

My understanding is u32 filter is very powerful filter and could do anything
about IP header filtering, then why do we sometimes use netfilering in IPtables?
One advantege I guess is in netfilering, there is usage counter? Are there other
advantges using netfilter (such as delay, flexibility)? What is the
disadvantages to us Netfilter?

In summary, what are the considerations to select u32 or netfilter as classifier
for QoS?


Thanks,

James

On Wednesday 04 December 2002 20:01, James Ma wrote:
> Hi, All,
>
> My understanding is u32 filter is very powerful filter and could do
> anything about IP header filtering, then why do we sometimes use
> netfilering in IPtables? One advantege I guess is in netfilering, there is
> usage counter? Are there other advantges using netfilter (such as delay,
> flexibility)? What is the disadvantages to us Netfilter?
>
> In summary, what are the considerations to select u32 or netfilter as
> classifier for QoS?
I''m not sure, but I think matching a u32 filter is based on a tree-like
structure.  The fw filter can be faster on the filter part if you use the 
mark as minor number.  But you still have a lot of iptables rules to test.  
And I think you have to test them 1 by 1.
So I think the fw filter will be slower.

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/