I also tested the protocol found here[1], on top of mainline kernel v4.9

* Without the nf-next patches:

  # time (./list-addrs 3000 | xargs -n1 iptables -A FORWARD -j ACCEPT -s)
  real 0m32.994s
  user 0m1.288s
  sys 0m26.076s

* With the nf-next patches:

  # time (./list-addrs 3000 | xargs -n1 iptables -A FORWARD -j ACCEPT -s)
  real 0m5.428s
  user 0m0.068s
  sys 0m0.288s

I do notice a significant performance increase.

[1] - https://gist.github.com/williammartin/b75e3faf5964648299e4d985413e6c0c

- Eric

** Changed in: linux (Ubuntu)
   Status: Confirmed => In Progress

https://bugs.launchpad.net/bugs/1640786

Title:
  netfilter regression introducing a performance slowdown in binary arp/ip/ip6tables