How to measure CPU usage of netfilter

Yakov Lerner at
Thu Nov 23 03:45:12 CET 2006

On 11/21/06, Mohammad Farooq <mohammadfarooq at> wrote:
>   I have about 1000 rules in the iptables. All these rules just forward
> the incoming traffic to other systems. I am trying to measure CPU usage
> of the netfilter. I tried to measure with top command but some how it
> always shows that CPU is 95% idle. I am not sure if top is the
> appropriate command to measure CPU usage of the netfilter. Since all the
> filtering is happening inside the kernel there should be some other command to
> measure kernel's CPU usage. I would appreciate if someone can point to
> the right direction. Thanks.

You can try 'cpusoak'  tool from Andrew Morton zc toolset:
cpusoak which accurately measures cpu consumption by the kernel.


More information about the netfilter mailing list