>>Sorry, I do not understand why that is required. Maybe this is only an >>optimization? >>If so, please can we optimize later (after doing benchmarks)?
Yes, it's an optimisation. I'll try to setup a benchmark. Do you known how to monitor netfilter cpu usage ? (maybe simply %sys counter ?) ----- Mail original ----- De: "Dietmar Maurer" <[email protected]> À: "Alexandre DERUMIER" <[email protected]> Cc: [email protected] Envoyé: Jeudi 20 Mars 2014 10:04:43 Objet: RE: [pve-devel] [PATCH] add ips feature v5 > I was to avoid going into each tap-out device then -g PVEFW-SET-ACCEPT- > MARK. > go directly to vmbr-OUT Sorry, I do not understand why that is required. Maybe this is only an optimization? If so, please can we optimize later (after doing benchmarks)? _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
