Re: [Fwd: Linux 2.4 networking/routing slowdown]

From: Lutz Vieweg (
Date: Thu Jul 26 2001 - 07:45:32 EST

Jan Kasprzak <> wrote:

> > I have tried to upgrade my firewall to 2.4 kernel (2.4.7), and I have
> > observed a major slowdown of the network speed.

We observed a similar problem, hunted it down via kernel profiling:

When we used ipchains to establish a port redirection (just one
rule, map one port to another), the network would become rediculously
slow after some time of use, causing the CPU to spend almost 100%
as "system time".

We found that the expensive kernel functions were redir_cmp and unredir_cmp,
which were called an unreasonable amount of times by find_redir - seems the
iteration over the list there is quite lengthy...

We didn't investigate the problem further, but found that by using
"iptables" instead of the obsolete "ipchains" to establish the redirection
rule, everything was fine again.

So my advice would be to try iptables and see if your problem goes away
as well.


Lutz Vieweg

 Dipl. Phys. Lutz Vieweg | email:
 Innovative Software AG  | Phone/Fax: +49-69-505030 -120/-505
 Feuerbachstrasse 26-32  |
 60325 Frankfurt am Main | ^^^ PGP key available here ^^^
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

This archive was generated by hypermail 2b29 : Tue Jul 31 2001 - 21:00:26 EST