From: Antony Stone <Antony@Soft-Solutions.co.uk>
To: netfilter@lists.netfilter.org
Subject: Re: Performance Monitoring
Date: Sun, 11 Jan 2004 23:32:40 +0000
Message-ID: <200401112332.40921.Antony@Soft-Solutions.co.uk>
In-Reply-To: <4001DB98.9090607@lintelsys.com.au>

On Sunday 11 January 2004 11:26 pm, Alex Satrapa wrote:

> Ramin Dousti wrote:
> > One can come up with a btree which should reduce the worst case lookup to
> > a max of 8 lookups for a /24.
>
> It'd be better if netfilter supported some way of either binding rules
> to an interface, or allowing a hashtable-lookup for a "jump" based on IP
> address.

It normally isn't much of a problem, because for most people, using the state 
match means that only the first packet of a new connection has to go through 
the ruleset looking for a rule to find out whether it's ACCEPTed or not - all 
future packets for the connection (assuming it gets ESTABLISHED) match on the 
very first rule and the whole system is quite efficient.

Of course, if you're not using state matching then the above does not apply, 
but this is why statefulness is one of the good bits about netfilter.

Antony.

-- 
These clients are often infected by viruses or other malware and need to be 
fixed.  If not, the user at that client needs to be fixed...

 - Henrik Nordstrom, on Squid user's mailing list

                                                     Please reply to the list;
                                                           please don't CC me.
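
The effect described in the message above, as an added example that is not part of the original post: a small Python model that counts linear rule evaluations for a packet stream with and without a state-match first rule. The rule layout, addresses and the `run`/`traverse` helpers are constructed for illustration; the model ignores the cost of the connection-tracking lookup itself.

```python
"""Constructed model: linear rule traversal with and without a state-match first rule."""
from collections import namedtuple

# Simplified connection key (no source port or protocol); constructed for the example.
Packet = namedtuple("Packet", "src dst dport")


def build_rules(n_hosts):
    """One ACCEPT rule per permitted destination host in a /24 (constructed ruleset)."""
    return [("10.0.0.%d" % i, 80) for i in range(1, n_hosts + 1)]


def traverse(rules, pkt):
    """Walk the rules in order; return (verdict, number_of_rules_evaluated)."""
    for idx, (dst, dport) in enumerate(rules, start=1):
        if pkt.dst == dst and pkt.dport == dport:
            return "ACCEPT", idx
    return "DROP", len(rules)


def run(rules, packets, stateful):
    """Return the total number of rule evaluations for the packet stream."""
    conntrack = set()  # stands in for the connection tracking table
    total = 0
    for pkt in packets:
        if stateful:
            total += 1  # the state-match rule sits first and is always evaluated
            if pkt in conntrack:
                continue  # ESTABLISHED: accepted on the very first rule
        verdict, cost = traverse(rules, pkt)
        total += cost
        if stateful and verdict == "ACCEPT":
            conntrack.add(pkt)  # later packets of this connection skip the walk
    return total


if __name__ == "__main__":
    rules = build_rules(254)
    # Constructed traffic: 100 packets of one connection to the last host in the list.
    stream = [Packet("192.0.2.7", "10.0.0.254", 80)] * 100
    print("stateless:", run(rules, stream, stateful=False))
    print("stateful: ", run(rules, stream, stateful=True))
```

Only accepted connections enter the table, so dropped traffic still walks the whole list on every packet in both modes.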



Thread overview: 12+ messages
2004-01-02 22:03 Performance Monitoring Barry Rooney
2004-01-05 22:27 ` Alex Satrapa
2004-01-06  1:57   ` Lawrence Tang
2004-01-06  4:04     ` Alex Satrapa
2004-01-06  3:38       ` bino
2004-01-06  5:58         ` Michael Gale
2004-01-06  6:01         ` Michael Gale
2004-01-06  6:02         ` Michael Gale
2004-01-10  0:04           ` Ramin Dousti
2004-01-10  8:54             ` Thhoep
2004-01-11 23:26             ` Alex Satrapa
2004-01-11 23:32               ` Antony Stone [this message]
