[PATCH 0/3] netfilter : 3 patches to boost ip_tables performance
Andi Kleen
ak at suse.de
Thu Oct 6 19:59:56 CEST 2005
On Fri, Oct 07, 2005 at 04:38:02AM +0200, Harald Welte wrote:
> On Wed, Oct 05, 2005 at 06:53:31PM +0200, Andi Kleen wrote:
> > On Tuesday 04 October 2005 19:01, Patrick McHardy wrote:
> > > Andi Kleen wrote:
> > > > In a sense it's even getting worse: For example us losing the CONFIG
> > > > option to disable local conntrack (Patrick has disabled it some time ago
> > > > without even a comment why he did it) has a really bad impact in some
> > > > cases.
> > >
> > > It was necessary to correctly handle locally generated ICMP errors.
> >
> > Well you most likely wrecked local performance then when it's enabled.
>
> so you would favour a system that incorrectly deals with ICMP errors but
> has higher performance?
I would favour a system where development doesn't lose sight of performance.
Perhaps there would be other ways to fix this problem without impacting
performance unduly? Can you describe it in detail?
-Andi
More information about the netfilter-devel
mailing list