Re: iptables very slow aftercommit784544739a25c30637397ace5489eeb6e15d7d49
From: David Miller
Date: Fri Apr 10 2009 - 21:25:34 EST
From: Stephen Hemminger <shemminger@xxxxxxxxxx>
Date: Fri, 10 Apr 2009 09:52:46 -0700
[ CC:'ing netfilter-devel and netdev... ]
> On Fri, 10 Apr 2009 17:15:52 +0800 (SGT)
> Jeff Chua <jeff.chua.linux@xxxxxxxxx> wrote:
>
>>
>>
>> Adding 200 records in iptables took 6.0sec in 2.6.30-rc1 compared to
>> 0.2sec in 2.6.29. I've bisected down this commit.
>>
>> There are a few patches on top of the original patch. When I reverted the
>> original commit + changing rcu_read() to rcu_read_bh(), it speeds up the
>> inserts back to .2sec again.
>>
>> I'm loading all the firewall rules during boot-up and this 6 secs slowness
>> is really not very nice to wait for.
>
> The performance benefit during operation is more important. The load
> time is fixable. The problem is probably generic to any set of rules,
> but could you post some info about your configuration (like the rule
> set), and the system configuration (# of cpu's, config etc).
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/