diff options
author | Liping Zhang <zlpnobody@gmail.com> | 2017-02-06 19:47:47 +0800 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-02-28 12:10:15 +0100 |
commit | 72bb3dbf0ecdf3ec96aee80e5d152c8be4394da1 (patch) | |
tree | 53cdbadd59c6aa0039e3eea22380171e7c4007a9 /extensions/libxt_cpu.t | |
parent | 24f8174646123c2833bc87967b366796231b04e0 (diff) |
xshared: using the blocking file lock request when we wait indefinitely
When using "-w" to avoid concurrent instances, we try to do flock() every
one second until it success. But one second maybe too long in some
situations, and it's hard to select a suitable interval time. So when
using "iptables -w" to wait indefinitely, it's better to block until
it become success.
Now do some performance tests. First, flush all the iptables rules in
filter table, and run "iptables -w -S" endlessly:
# iptables -F
# iptables -X
# while : ; do
iptables -w -S >&- &
done
Second, after adding and deleting the iptables rules 100 times, measure
the time cost:
# time for i in $(seq 100); do
iptables -w -A INPUT
iptables -w -D INPUT
done
Before this patch:
real 1m15.962s
user 0m0.224s
sys 0m1.475s
Apply this patch:
real 0m1.830s
user 0m0.168s
sys 0m1.130s
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions/libxt_cpu.t')
0 files changed, 0 insertions, 0 deletions