From: Andi Kleen <firstname.lastname@example.org> To: Roberto Nibali <email@example.com> Cc: "David S. Miller" <firstname.lastname@example.org>, email@example.com, firstname.lastname@example.org, email@example.com, jamal <firstname.lastname@example.org> Subject: Re: [ANNOUNCE] NF-HIPAC: High Performance Packet Classification Date: Thu, 26 Sep 2002 14:04:30 +0200 [thread overview] Message-ID: <20020926140430.E14485@wotan.suse.de> (raw) In-Reply-To: <3D92CCC5.email@example.com> On Thu, Sep 26, 2002 at 11:00:53AM +0200, Roberto Nibali wrote: > o we can't filter more than 13Mbit/s anymore after loading around 3000 > rules into the kernel (problem is gone with nf-hipac for example). For iptables/ipchain you need to write hierarchical/port range rules in this case and try to terminate searchs early. But yes, we also found that the L2 cache is limiting here (ip_conntrack has the same problem) > o we can't log all the messages we would like to because the user space > log daemon (syslog-ng in our case, but we've tried others too) doesn't > get enough CPU time anymore to read the buffer before it will be over- > written by the printk's again. This leads to an almost proportial to > N^2 log entry loss with increasing number of rules that do not match. > This is the worst thing that can happen to you working in the > security business: not having an appropriate log trace during a > possible incident. At least that is easily fixed. Just increase the LOG_BUF_LEN parameter in kernel/printk.c Alternatively don't use slow printk, but nfnetlink to report bad packets and print from user space. That should scale much better. -Andi
next prev parent reply other threads:[~2002-09-26 11:59 UTC|newest] Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top [not found] <3D924F9D.C2DCF56A@us.ibm.com.suse.lists.linux.kernel> [not found] ` <firstname.lastname@example.org> 2002-09-26 0:31 ` Andi Kleen 2002-09-26 0:29 ` David S. Miller 2002-09-26 0:46 ` Andi Kleen 2002-09-26 0:44 ` David S. Miller 2002-09-26 9:00 ` Roberto Nibali 2002-09-26 9:06 ` David S. Miller 2002-09-26 9:24 ` Roberto Nibali 2002-09-26 9:21 ` David S. Miller 2002-09-26 15:13 ` James Morris 2002-09-26 20:51 ` Roberto Nibali 2002-09-26 10:25 ` Roberto Nibali 2002-09-26 10:20 ` David S. Miller 2002-09-26 10:49 ` Roberto Nibali 2002-09-26 12:03 ` jamal 2002-09-26 20:23 ` Roberto Nibali 2002-09-27 13:57 ` jamal 2002-09-26 12:04 ` Andi Kleen [this message] 2002-09-26 20:49 ` Roberto Nibali 2002-09-30 17:36 ` Bill Davidsen 2002-10-02 17:37 ` Roberto Nibali 2002-09-26 1:17 ` Nivedita Singhvi 2002-09-26 1:15 ` Andi Kleen 2002-09-26 0:06 Nivedita Singhvi 2002-09-26 0:03 ` David S. Miller 2002-09-26 0:50 ` Nivedita Singhvi 2002-09-26 0:40 ` David S. Miller 2002-09-26 1:09 ` Nivedita Singhvi
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20020926140430.E14485@wotan.suse.de \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --subject='Re: [ANNOUNCE] NF-HIPAC: High Performance Packet Classification' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).