thr3ads.net - LARTC - u32 match versus iptables CLASSIFY target

If this information is useful, please help other people find it:
Share via:

Cristian Carstea

2006-Jan-30 12:15 UTC

u32 match versus iptables CLASSIFY target - performance

hello,

i have a question:
- which one is faster: "tc filter with u32 match per dst ip" or
"iptables
match per dst ip with target CLASSIFY"?
- this question is for large rulesets (over 500)

thank you,
cristian carstea

Dmytro O. Redchuk

2006-Jan-30 12:28 UTC

head link

Re: u32 match versus iptables CLASSIFY target - performance

On Mon, Jan 30, 2006 at 02:15:02PM +0200, Cristian Carstea
wrote:> hello,
> 
> i have a question:
> - which one is faster: "tc filter with u32 match per dst ip" or
"iptables
> match per dst ip with target CLASSIFY"?
> - this question is for large rulesets (over 500)
use hashes if it''s possible to hash those "ip dst".
> 
> thank you,
> cristian carstea
-- 
  _,-=._              /|_/|
  `-.}   `=._,.-=-._.,  @ @._,
     `._ _,-.   )      _,.-''
        `    G.m-"^m`m''        Dmytro O. Redchuk

Cristian Carstea

2006-Jan-30 15:44 UTC

head link

Re: u32 match versus iptables CLASSIFY target - performance

> On Mon, Jan 30, 2006 at 02:15:02PM +0200, Cristian Carstea wrote:
>> hello,
>>
>> i have a question:
>> - which one is faster: "tc filter with u32 match per dst ip"
or"iptables match per dst ip with target
CLASSIFY"?>> - this question is for large rulesets (over 500)
>
> use hashes if it''s possible to hash those "ip dst".
can you please detail this a little?

thank you,
cristian carstea

>
>>
>> thank you,
>> cristian carstea
>
> --
>   _,-=._              /|_/|
>   `-.}   `=._,.-=-._.,  @ @._,
>      `._ _,-.   )      _,.-''
>         `    G.m-"^m`m''        Dmytro O. Redchuk
>

Dmytro O. Redchuk

2006-Jan-30 16:08 UTC

head link

Re: u32 match versus iptables CLASSIFY target - performance

On Mon, Jan 30, 2006 at 05:44:17PM +0200, Cristian Carstea
wrote:> 
> > On Mon, Jan 30, 2006 at 02:15:02PM +0200, Cristian Carstea wrote:
> >> hello,
> >>
> >> i have a question:
> >> - which one is faster: "tc filter with u32 match per dst
ip" or
> "iptables match per dst ip with target CLASSIFY"?
> >> - this question is for large rulesets (over 500)
> >
> > use hashes if it''s possible to hash those "ip dst".
> 
> can you please detail this a little?
Mmmm... With my english..

Try this:
http://lartc.org/howto/lartc.adv-filter.hashing.html


-------
You can filter packets with hash table, you can cascade hashes.

Each cell in hash table can contain many filters (it seems not to be
stated in the HOWTO; but it''s possible an it''s great).
> 
> thank you,
> cristian carstea
-- 
  _,-=._              /|_/|
  `-.}   `=._,.-=-._.,  @ @._,
     `._ _,-.   )      _,.-''
        `    G.m-"^m`m''        Dmytro O. Redchuk

Possibly Parallel Threads

Search for more seemingly similar threads

LARTC - Jan 2006 - u32 match versus iptables CLASSIFY target - performance

u32 match versus iptables CLASSIFY target - performance

Re: u32 match versus iptables CLASSIFY target - performance

Re: u32 match versus iptables CLASSIFY target - performance

Re: u32 match versus iptables CLASSIFY target - performance

Possibly Parallel Threads