Hi all, I'm working on a proxy type program, using REDIRECT to catch (tcp) traffic, and I'm seeing severe network degradation above ~2000 connection.
(computer: 1Gb p3, 2Gb memory, kernel 2.4.18 + aa1 patch) I've profiled the kernel and found that > 50% of the cpu time is in __ip_conntrack_find - is there a patch to make connection tracking use a more scalable data structure (as I understand it uses a list), or to improve it's performance? Thanx aviv
