| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1323546064.4016.27.camel@edumazet-laptop> Date: Sat, 10 Dec 2011 20:41:04 +0100 From: Eric Dumazet <eric.dumazet@...il.com> To: "John A. Sullivan III" <jsullivan@...nsourcedevel.com> Cc: netdev@...r.kernel.org Subject: Re: Optimizing tc filters Le samedi 10 décembre 2011 à 13:16 -0500, John A. Sullivan III a écrit : > Hello, all. Given that there are several ways to direct packets into > the appropriate queue, I was wondering which ways are generally more > efficient. There seem to be a number of email discussions but nothing > authoritative. From those discussions, it would seem that for most > corporate usage (as in more traffic than a home user) we would have from > most efficient to least efficient: > > 1) Mark the connection with CONNMARK and us --restore-mark to mark all > packets in the connection for classification via an fw filter > > 2) Use the iptables CLASSIFY target > > 3) u32 filter > > 4) Mark individual packets and use an fw filter - one email thread says > this is more efficient than #3 > > Is this correct? Unfortunately CONNTRACK is a bit expensive... If you control applications, you also can use SO_MARK from them. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists