On Mon, Jan 30, 2006 at 05:44:17PM +0200, Cristian Carstea wrote: > > > On Mon, Jan 30, 2006 at 02:15:02PM +0200, Cristian Carstea wrote: > >> hello, > >> > >> i have a question: > >> - which one is faster: "tc filter with u32 match per dst ip" or > "iptables match per dst ip with target CLASSIFY"? > >> - this question is for large rulesets (over 500) > > > > use hashes if it's possible to hash those "ip dst". > > can you please detail this a little?
Mmmm... With my english.. Try this: http://lartc.org/howto/lartc.adv-filter.hashing.html ------- You can filter packets with hash table, you can cascade hashes. Each cell in hash table can contain many filters (it seems not to be stated in the HOWTO; but it's possible an it's great). > > thank you, > cristian carstea -- _,-=._ /|_/| `-.} `=._,.-=-._., @ @._, `._ _,-. ) _,.-' ` G.m-"^m`m' Dmytro O. Redchuk _______________________________________________ LARTC mailing list [email protected] http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
