>>I will do a new round of testing this weekend for a speech I'll be
>>giving. This time I will include ipchains, iptables (of course I am
>>willing to apply every interesting patch regarding hash table
>>optimisation and whatnot you want me to test), nf-hipac, the OpenBSD pf
>>and of course the work done by Jamal.
>
> Look forward to any info you can provide.
Unfortunately (as always) there were tons of delays that didn't allow me
to finish the complete test suite as I hoped I could but I sent some
information off this list to Jamal and the nf-hipac guys about previous
test result. See below. I hope I can do more tests this weekend ...
> I particularly like that nf-hipac can be put in and tried in one-to-one
> comparison, that leaves an easy route to testing and getting confidence in
> the code.
Yes and it was very convincing after the first few tests Some prelimiary
test with raw TCP throughput have given me following really cool results:
TCP RAW throughput 100Mbit/s max MTU:
-------------------------------------
ratz@laphish:~/netperf-2.2pl2 > ./netperf -H 192.168.1.141 -p 6666 -l 60
TCP STREAM TEST to 192.168.1.141
Recv Send Send
Socket Socket Message Elapsed
Size Size Size Time Throughput
bytes bytes bytes secs. 10^6bits/s
87380 16384 16384 60.01 88.03 <------
ratz@laphish:~/netperf-2.2pl2 >
TCP RAW throughput 100Mbit/s max MTU with 10000 non-matching rules + 1
last matching rule at the end of the FORWARD chain [iptables]:
----------------------------------------------------------------------
ratz@laphish:~/netperf-2.2pl2 > ./netperf -H 192.168.1.141 -p 6666 -l 60
TCP STREAM TEST to 192.168.1.141
Recv Send Send
Socket Socket Message Elapsed
Size Size Size Time Throughput
bytes bytes bytes secs. 10^6bits/sec
87380 16384 16384 60.12 3.28 <------
ratz@laphish:~/netperf-2.2pl2 >
TCP RAW throughput 100Mbit/s max MTU with 10000 non-matching rules + 1
last matching rule at the end of the FORWARD chain [nf-hipac]:
----------------------------------------------------------------------
ratz@laphish:~/netperf-2.2pl2 > ./netperf -H 192.168.1.141 -p 6666 -l 60
TCP STREAM TEST to 192.168.1.141
Recv Send Send
Socket Socket Message Elapsed
Size Size Size Time Throughput
bytes bytes bytes secs. 10^6bits/sec
87380 16384 16384 60.03 85.78 <------
ratz@laphish:~/netperf-2.2pl2 >
For nf-hipac I also have some statistics:
-----------------------------------------
bloodyhell:/var/FWTEST/nf-hipac # cat /proc/net/nf-hipac
nf-hipac statistics
-------------------
Maximum available memory: 65308672 bytes
Currently used memory: 1764160 bytes
INPUT:
- INPUT chain is empty
FORWARD:
- Number of rules: 10002
- Total size: 1033010 bytes
- Total size (allocated): 1764160 bytes
- Termrule size: 80016 bytes
- Termrule size (allocated): 320064 bytes
- Number of btrees: 30007
* number of u32 btrees: 10003
+ distribution of u32 btrees:
[ 2, 4]: 10002
[ 16384, 32768]: 1
* number of u16 btrees: 10002
+ distribution of u16 btrees:
[ 1, 2]: 10002
* number of u8 btrees: 10002
+ distribution of u8 btrees:
[ 2, 4]: 18
OUTPUT:
- OUTPUT chain is empty
bloodyhell:/var/FWTEST/nf-hipac #
Roberto Nibali, ratz
-- echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/