Hi,
I will do a new round of testing this weekend for a speech I'll be
giving. This time I will include ipchains, iptables (of course I am
willing to apply every interesting patch regarding hash table
optimisation and whatnot you want me to test), nf-hipac, the OpenBSD pf
and of course the work done by Jamal.
Look forward to any info you can provide.
Unfortunately (as always) there were tons of delays that didn't allow me
to finish the complete test suite as I hoped I could but I sent some
information off this list to Jamal and the nf-hipac guys about previous
test result. See below. I hope I can do more tests this weekend ...
I particularly like that nf-hipac can be put in and tried in one-to-one
comparison, that leaves an easy route to testing and getting confidence in
the code.
Yes and it was very convincing after the first few tests Some prelimiary
test with raw TCP throughput have given me following really cool results:
TCP RAW throughput 100Mbit/s max MTU:
-------------------------------------
ratz@laphish:~/netperf-2.2pl2 > ./netperf -H 192.168.1.141 -p 6666 -l 60
TCP STREAM TEST to 192.168.1.141
Recv Send Send
Socket Socket Message Elapsed
Size Size Size Time Throughput
bytes bytes bytes secs. 10^6bits/s
87380 16384 16384 60.01 88.03 <------
ratz@laphish:~/netperf-2.2pl2 >
TCP RAW throughput 100Mbit/s max MTU with 10000 non-matching rules + 1
last matching rule at the end of the FORWARD chain [iptables]:
----------------------------------------------------------------------
ratz@laphish:~/netperf-2.2pl2 > ./netperf -H 192.168.1.141 -p 6666 -l 60
TCP STREAM TEST to 192.168.1.141
Recv Send Send
Socket Socket Message Elapsed
Size Size Size Time Throughput
bytes bytes bytes secs. 10^6bits/sec
87380 16384 16384 60.12 3.28 <------
ratz@laphish:~/netperf-2.2pl2 >
TCP RAW throughput 100Mbit/s max MTU with 10000 non-matching rules + 1
last matching rule at the end of the FORWARD chain [nf-hipac]:
----------------------------------------------------------------------
ratz@laphish:~/netperf-2.2pl2 > ./netperf -H 192.168.1.141 -p 6666 -l 60
TCP STREAM TEST to 192.168.1.141
Recv Send Send
Socket Socket Message Elapsed
Size Size Size Time Throughput
bytes bytes bytes secs. 10^6bits/sec
87380 16384 16384 60.03 85.78 <------
ratz@laphish:~/netperf-2.2pl2 >
For nf-hipac I also have some statistics:
-----------------------------------------
bloodyhell:/var/FWTEST/nf-hipac # cat /proc/net/nf-hipac
nf-hipac statistics
-------------------
Maximum available memory: 65308672 bytes
Currently used memory: 1764160 bytes
INPUT:
- INPUT chain is empty
FORWARD:
- Number of rules: 10002
- Total size: 1033010 bytes
- Total size (allocated): 1764160 bytes
- Termrule size: 80016 bytes
- Termrule size (allocated): 320064 bytes
- Number of btrees: 30007
* number of u32 btrees: 10003
+ distribution of u32 btrees:
[ 2, 4]: 10002
[ 16384, 32768]: 1
* number of u16 btrees: 10002
+ distribution of u16 btrees:
[ 1, 2]: 10002
* number of u8 btrees: 10002
+ distribution of u8 btrees:
[ 2, 4]: 18
OUTPUT:
- OUTPUT chain is empty
bloodyhell:/var/FWTEST/nf-hipac #
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc
|