An iptables ip_conntrack analysis

This is ancient. It is not wrong. The world has changed a lot, and this was instrumental in a little bit of that change.

Here is some software, cttest-0.4.tar.gz, which can be used to reproduce the following pictures. Both datasets analyzed in the following links, are from real production systems. The first set uses a dataset from a squid+REDIRECT transparent proxy service, serving dialup users. The second set is a consolidated view on all connections at one instant for a large web server farm, with all connections going to one IP's port 80. Both datasets have roughly 70000 entries to hash.

transproxy dataset

• Comparing different hash approaches
• Hash functions derived from the IP routing code
• Hash functions using modular multiplication
• CRC based hash functions

large web server

• Comparing different hash approaches
• Hash functions derived from the IP routing code
• Hash functions using modular multiplication
• CRC based hash functions

happily working for
Branchenbuch Kleinanzeigen