In message <15211.65235.369977.774321@xxxxxxxxxxxx> you write:
> Rusty here are some numbers for connection tracking...
>
> Forwarding from eth0 to eth1. One million packets injected into eth0 at
> 890.000 pkts/s. Kernel 2.4.7 UP PII @ 933 MHz and hacked e1000 driver. First
> run without ipchains.o.

Ah... What are you using as a traffic generator?

Creating a new connection is expensive (but could probably be
optimized): given that usually < 1 in 10 packets is a new connection,
this seemed a reasonable optimization strategy. If you are sending
random packets, you are trying to create 1 million connections (well,
some will timeout).

You *can* help a bit by enlarging the hash tables: try:

    insmod ipchains hashsize=100000

You could also try sending the *same* packet 1,000,000 times, and see
if we do better there...

Very interesting,
Rusty.
--
Premature optmztion is rt of all evl. --DK
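
A toy model of the effect discussed in the message above, added as an illustration; it is not code from the thread or from the kernel. It counts chain comparisons in a chained hash table when every packet is a new connection versus one packet repeated, at two table sizes. The 64-bit key, the function names and the 8192-bucket "small" size are assumptions made for the example; only hashsize=100000 comes from the message.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Toy model, not kernel code: one chained hash table keyed by a 64-bit
 * stand-in for the connection tuple. Timeouts are not modelled. */
struct entry { uint64_t key; struct entry *next; };

static uint64_t rng_state;
static uint64_t next_rand(void)      /* xorshift64: no repeated value in a run */
{
    rng_state ^= rng_state << 13;
    rng_state ^= rng_state >> 7;
    rng_state ^= rng_state << 17;
    return rng_state;
}

static uint32_t bucket_of(uint64_t k, uint32_t buckets)
{
    k ^= k >> 33; k *= 0xff51afd7ed558ccdULL; k ^= k >> 33;
    return (uint32_t)(k % buckets);
}

/* Push `packets` packets through a table of `buckets` chains.
 * random_flows != 0: every packet carries a fresh key (a new connection).
 * random_flows == 0: the same packet is repeated.
 * Returns chain entries compared; *created receives entries allocated. */
unsigned long long simulate(uint32_t buckets, uint32_t packets,
                            int random_flows, uint32_t *created)
{
    struct entry **table = calloc(buckets, sizeof(*table));
    struct entry *pool = malloc((size_t)packets * sizeof(*pool)), *e;
    unsigned long long compares = 0;
    uint32_t used = 0;

    if (!table || !pool) { free(table); free(pool); *created = 0; return 0; }
    rng_state = 0x9e3779b97f4a7c15ULL;
    for (uint32_t i = 0; i < packets; i++) {
        uint64_t key = random_flows ? next_rand() : 42;
        struct entry **head = &table[bucket_of(key, buckets)];
        for (e = *head; e; e = e->next) { compares++; if (e->key == key) break; }
        if (!e) { e = &pool[used++]; e->key = key; e->next = *head; *head = e; }
    }
    *created = used;
    free(pool); free(table);
    return compares;
}

int main(void)
{
    uint32_t n = 1000000, made;   /* 8192 is a constructed "small table" size */
    unsigned long long c = simulate(8192, n, 1, &made);
    printf("random, 8192 buckets:   %llu compares, %u entries\n", c, made);
    c = simulate(100000, n, 1, &made);
    printf("random, 100000 buckets: %llu compares, %u entries\n", c, made);
    c = simulate(8192, n, 0, &made);
    printf("same packet repeated:   %llu compares, %u entries\n", c, made);
    return 0;
}
```

The model counts only chain walking; it does not capture the per-connection allocation and setup cost, which a larger table does not reduce.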