On 18/04/2012 14:46, Tom Eastep wrote: > You don't have module autoloading in your kernel? What is the setting > for LOAD_HELPERS_ONLY? >
That in itself is a whole email thread on uclibc/netfilter if you scan for emails from me (not that interesting though). There are some nice patches in recent netfilter and some rotting patches in uclibc that I don't think will get into mainstream. Upshot is that I have spent quite some time optimising this... Sincerely thanks for the thoughts though! I will benchmark it some more after I get my release out. It's not so bad, but binaries are slow to load (flash drive with squashfs) and the processor is fairly limited. Busybox ash in use + uclibc + various gcc hardening options root@redbox $ time shorewall stop Stopping Shorewall.... Processing /etc/shorewall/stop ... Processing /etc/shorewall/tcclear ... Running /sbin/iptables-restore... IPv4 Forwarding Enabled Processing /etc/shorewall/stopped ... done. real 0m 0.81s user 0m 0.33s sys 0m 0.26s root@redbox $ time shorewall stop Stopping Shorewall.... Processing /etc/shorewall/stop ... Processing /etc/shorewall/tcclear ... Running /sbin/iptables-restore... IPv4 Forwarding Enabled Processing /etc/shorewall/stopped ... done. real 0m 0.82s user 0m 0.32s sys 0m 0.25s root@redbox $ Test of stale pids: root@redbox $ shorewall start Starting Shorewall.... Device "wlan1" does not exist. Cannot find device "wlan1" Device "eth3" does not exist. Cannot find device "eth3" Device "wlan2" does not exist. Cannot find device "wlan2" Device "wlan3" does not exist. Cannot find device "wlan3" ^C root@redbox $ time shorewall start Giving up on lock file /var/lock/shorewall.lock Starting Shorewall.... ... snip ... Processing /etc/shorewall/start ... Processing /etc/shorewall/started ... done. real 0m 33.85s user 0m 1.06s sys 0m 1.26s My timeout (forgotten the var name) is set to 30 seconds, down from the default 60 secs Please don't investigate further, its obviously something in my config. I will debug it and revert with the reason Many thanks! Ed W ------------------------------------------------------------------------------ Better than sec? Nothing is better than sec when it comes to monitoring Big Data applications. Try Boundary one-second resolution app monitoring today. Free. http://p.sf.net/sfu/Boundary-dev2dev _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
