[Bug 32] New: ip_conntrack seems to track everything which can be very slow on HTTP

bugzilla-daemon@netfilter.org bugzilla-daemon@netfilter.org
Thu, 30 Jan 2003 14:25:21 +0100


https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=32

           Summary: ip_conntrack seems to track everything which can be very
                    slow on HTTP
           Product: netfilter/iptables
           Version: linux-2.4.x
          Platform: i386
        OS/Version: RedHat Linux
            Status: NEW
          Severity: blocker
          Priority: P2
         Component: connection tracking
        AssignedTo: laforge@netfilter.org
        ReportedBy: laplante@sednove.ca
                CC: netfilter-buglog@lists.netfilter.org


Is it possible to select which packets (tcp/port) to track instead?

HTTP is becoming slower for very fast requests, which I can't have for a 
busy web site, but I want to track ftp and ssh for other purposes...

I ran a program that uses /usr/local/apache/bin/ab to benchmark my web and it 
can become very slow after 10000 requests or more. The performance is going 
down very fast. Here is the small program in perl:

perl run http://www.netfilter.com/index.html for example

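#!/usr/bin/perl
use strict;
use warnings;

# Usage: perl run <url>
die "usage: $0 <url>\n" unless @ARGV;

print "\nTest ", join(" ", @ARGV), "\n\n";
my $sum = 0;
my $n   = 0;
# Run ab nine times (1000 requests, concurrency 2) and print each run's rate.
for (my $i = 1; $i < 10; ++$i) {
    my $res = `/usr/local/apache/bin/ab -c 2 -n 1000 $ARGV[0] 2>&1`;
    if ($res =~ /Requests per second:\s*(\S*)/) {
        printf("%-8.2f", $1);
        $sum += $1;
        $n++;
    }
}
# Avoid dividing by zero when no run reported a rate.
print "\nAverage: ", ($n ? $sum / $n : "n/a"), "\n";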

The performance locally usually stays at the same level for each number. On 
ip_conntrack the performance is going down very fast.


