Re: iptables very slow aftercommit784544739a25c30637397ace5489eeb6e15d7d49

From: Stephen Hemminger
Date: Fri Apr 10 2009 - 12:54:26 EST

Next message: Christoph Hellwig: "Re: [RFC Aufs2 #5 28/29] export lookup functions"
Previous message: Gábor Stefanik: "Re: Additional USB identifier for otus driver [WN111v2]"
In reply to: Jeff Chua: "iptables very slow after commit784544739a25c30637397ace5489eeb6e15d7d49"
Next in thread: Jeff Chua: "Re: iptables very slow after commit784544739a25c30637397ace5489eeb6e15d7d49"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 10 Apr 2009 17:15:52 +0800 (SGT)
Jeff Chua <jeff.chua.linux@xxxxxxxxx> wrote:

>
>
> Adding 200 records in iptables took 6.0sec in 2.6.30-rc1 compared to
> 0.2sec in 2.6.29. I've bisected down this commit.
>
> There are a few patches on top of the original patch. When I reverted the
> original commit + changing rcu_read() to rcu_read_bh(), it speeds up the
> inserts back to .2sec again.
>
> I'm loading all the firewall rules during boot-up and this 6 secs slowness
> is really not very nice to wait for.

The performance benefit during operation is more important. The load
time is fixable. The problem is probably generic to any set of rules,
but could you post some info about your configuration (like the rule
set), and the system configuration (# of cpu's, config etc).
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Christoph Hellwig: "Re: [RFC Aufs2 #5 28/29] export lookup functions"
Previous message: Gábor Stefanik: "Re: Additional USB identifier for otus driver [WN111v2]"
In reply to: Jeff Chua: "iptables very slow after commit784544739a25c30637397ace5489eeb6e15d7d49"
Next in thread: Jeff Chua: "Re: iptables very slow after commit784544739a25c30637397ace5489eeb6e15d7d49"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]