On Fri, 12 Sep 2003, Harald Welte wrote:
<snip>
>
> Imagine somebody with lots of ppp interfaces (let's say 40)... and we
> would need to resolve all 40 into ifindexes, put them into an array...
> how big would you like to make the array? how many interfaces do people
> have? how much space do you want to waste (dynamically reallocating this
> space while the ruleset is already loaded is not possible).
>
Just to add my point to this, and to say that it is actually used in the
real world. We have several (>30) machines with 120 modems each, each
running a pppd (modem pool, yes), and some 300-400 iptables rules on each
machine.
> And then you have 1000 rules, each of it using a ppp* style match. then
> at every ifdown/ifup you iterate over 1000 rules, checking if you need
> to update one of the 40 ifindexes? quite slow...
>
> > cheers,
> > jamal
> - Harald Welte <laforge@xxxxxxxxxxxxx> http://www.netfilter.org/
----
Oskar Andreasson
http://www.frozentux.net
http://iptables-tutorial.frozentux.net
http://ipsysctl-tutorial.frozentux.net
mailto:blueflux@xxxxxxxxxxx