The 'firewall' and 'functions' files in CVS together produce a 30%+ speedup of 'shorewall restart' on my firewall when compared to 1.3.11a.

Please test with these files -- I don't anticipate making any more performance changes for 1.3.12 and I want to be sure that I didn't break anything.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://shorewall.sf.net
ICQ: #60745924 \ teastep@shorewall.net
--On Monday, December 09, 2002 10:04:48 AM -0800 Steve Herber <herber@thing.com> wrote:

> I may have missed a description of your speed up changes. What did you
> do to speed it up? Is there a link to a description of the changes?
>

I haven't yet updated the changelog.txt file in CVS but you can look through the changes to the 'firewall' module (since version 1.133) and in the functions module.

Key things:

a) Previously, each time that iptables was run, 'sed' was also run (to handle "!" -- iptables requires white space after "!" while Shorewall needs there to be no such white space). Now, I check to see if there are any "!"'s in the command and if there are, I have shell code to handle inserting the white space rather than invoking 'sed'.

b) The 'policy' and 'interfaces' files were opened and read many times -- they are now read only once.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://shorewall.sf.net
ICQ: #60745924 \ teastep@shorewall.net
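Point (a) in the message above, sketched as an added example; this is not Shorewall's own code. It shows a pure-shell way to insert the space after "!" and the fast path that skips the rewrite when a rule has no "!". All function names, variable names and sample rules are constructed for illustration, and the sed form is an assumed shape of the older approach.

```shell
#!/bin/sh
# Added illustration; function and variable names are hypothetical.

# Assumed shape of the old approach: one fork+exec of sed per rule.
with_sed() {
    fixed=$(printf '%s\n' "$1" | sed 's/!/! /g')
}

# Pure-shell rewrite: put a space after each "!" that is not already
# followed by a space. The result is left in $fixed, so no subshell is needed.
space_after_bang() {
    sab_rest=$1
    fixed=
    while :; do
        case $sab_rest in
            *!*)
                sab_head=${sab_rest%%!*}    # text before the first "!"
                fixed="$fixed$sab_head!"
                sab_rest=${sab_rest#*!}     # continue with what follows it
                case $sab_rest in
                    ""|" "*) ;;             # end of string, or space already present
                    *) fixed="$fixed " ;;
                esac
                ;;
            *)
                fixed="$fixed$sab_rest"     # no "!" left: copy the tail and stop
                break
                ;;
        esac
    done
}

# Fast path described in the message: only rules containing "!" are rewritten.
prepare_rule() {
    case $1 in
        *!*) space_after_bang "$1" ;;
        *)   fixed=$1 ;;
    esac
}

# Constructed sample rules (not taken from a real Shorewall configuration).
for rule in "-A INPUT -s !192.0.2.0/24 -j DROP" \
            "-A INPUT -p tcp --dport 22 -j ACCEPT" \
            "-A FORWARD -i !eth0 -o !eth1 -j ACCEPT"; do
    prepare_rule "$rule"
    printf 'iptables %s\n' "$fixed"
done
```

The loop only prints the resulting command lines; nothing is passed to iptables.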
On Saturday 07 December 2002 18:04, Tom Eastep wrote:
> The 'firewall' and 'functions' files in CVS together produce a 30%+ speedup
> of 'shorewall restart' on my firewall when compared to 1.3.11a.
>
> Please test with these files -- I don't anticipate making any more
> performance changes for 1.3.12 and I want to be sure that I didn't break
> anything.
>
> -Tom

Hi Tom

I have tried the new 'firewall' and 'functions' files and compared the restart time to 1.3.11a. The results are as follows:

1.3.11a 20.1 seconds    cvs 10.1 seconds    180mhz pentium pro
1.3.11a 25.7 seconds    cvs 14.4 seconds    266mhz pentium II
1.3.11a 14.0 seconds    cvs 10.1 seconds    160mhz pentium

I haven't encountered any problems.

Regards

Steven.
--On Monday, December 09, 2002 11:05:26 PM +0000 Steven Jan Springl <security@springl.fsnet.co.uk> wrote:

>
> 1.3.11a 20.1 seconds    cvs 10.1 seconds    180mhz pentium pro
> 1.3.11a 25.7 seconds    cvs 14.4 seconds    266mhz pentium II
> 1.3.11a 14.0 seconds    cvs 10.1 seconds    160mhz pentium
>
> I haven't encountered any problems.

Thanks, Steven. Were these tests done with firewall revision 1.137?

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://shorewall.sf.net
ICQ: #60745924 \ teastep@shorewall.net
--On Monday, December 09, 2002 11:00:45 AM -0800 Tom Eastep <teastep@shorewall.net> wrote:

>
> --On Monday, December 09, 2002 10:04:48 AM -0800 Steve Herber
> <herber@thing.com> wrote:
>
> I haven't yet updated the changelog.txt file in CVS but you can look
> through the changes to the 'firewall' module (since version 1.133) and in
> the functions module.

Oops -- the first speed improvement change actually happened in 1.130->1.131.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://shorewall.sf.net
ICQ: #60745924 \ teastep@shorewall.net
On Monday 09 December 2002 23:11, Tom Eastep wrote:
> --On Monday, December 09, 2002 11:05:26 PM +0000 Steven Jan Springl
> <security@springl.fsnet.co.uk> wrote:
> > 1.3.11a 20.1 seconds    cvs 10.1 seconds    180mhz pentium pro
> > 1.3.11a 25.7 seconds    cvs 14.4 seconds    266mhz pentium II
> > 1.3.11a 14.0 seconds    cvs 10.1 seconds    160mhz pentium
> >
> > I haven't encountered any problems.
>
> Thanks, Steven. Were these tests done with firewall revision 1.137?
>
> -Tom

With the exception of the 160mhz pentium, I used 1.137. I don't know what happened there!

I have just downloaded 1.137 on to my 160mhz pentium. The restart timings are as follows:

1.3.11a 14.0 seconds    cvs(1.137) 8.5 seconds    160mhz pentium

Regards

Steven.
--On Monday, December 09, 2002 11:29:21 PM +0000 Steven Jan Springl <shorewall@springl.fsnet.co.uk> wrote:

> I have just downloaded 1.137 on to my 160mhz pentium. The restart timings
> are as follows:
>
> 1.3.11a 14.0 seconds    cvs(1.137) 8.5 seconds    160mhz pentium
>

Thanks!,

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://shorewall.sf.net
ICQ: #60745924 \ teastep@shorewall.net