Measuring the time taken by a packet to traverse iptables rules
I am trying to measure the time taken by a packet to traverse the iptables rules and report an accept/reject. The rules in iptables are generally stored linearly in one chain. We have tried to extract the common values among the rules and re-organize the chains to reflect a tree structure. Now we have to see what performance gain we achieve by creating new chains and re-ordering rules. So we need to measure the time taken by a packet to traverse the rules and report a match or otherwise. This needs to be compared with the time taken when the rules are just stored linearly.
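Added example, not part of the original post: a Python sketch that builds the same constructed rule set in both layouts (`iptables-restore` format) and counts how many rules a packet is compared against in each, as a machine-independent proxy for traversal time. The sample rules, the grouping by source /24 prefix as the "common value", and all function and chain names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: 4 subnets x 50 hosts, each rule accepts SSH from one host.
RULES = [(f"10.0.{n}.{h}", 22) for n in range(1, 5) for h in range(1, 51)]

def group_by_prefix(rules, prefixlen=24):
    """Group rules by source network (the assumed common value); order is kept."""
    groups = {}
    for ip, port in rules:
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        groups.setdefault(net, []).append((ip, port))
    return groups

def linear_ruleset(rules):
    """Every rule appended to INPUT, one after another."""
    body = [f"-A INPUT -s {ip}/32 -p tcp --dport {port} -j ACCEPT" for ip, port in rules]
    return ["*filter", ":INPUT DROP [0:0]"] + body + ["COMMIT"]

def tree_ruleset(rules):
    """INPUT holds one jump per prefix; host rules live in per-prefix chains."""
    groups = group_by_prefix(rules)
    name = {n: "SRC_" + str(n.network_address).replace(".", "_") for n in groups}
    lines = ["*filter", ":INPUT DROP [0:0]"]
    lines += [f":{name[n]} - [0:0]" for n in groups]            # declare sub-chains
    lines += [f"-A INPUT -s {n} -j {name[n]}" for n in groups]  # one jump per prefix
    for n, members in groups.items():
        lines += [f"-A {name[n]} -s {ip}/32 -p tcp --dport {port} -j ACCEPT"
                  for ip, port in members]
    return lines + ["COMMIT"]

def evals_linear(rules, src, port):
    """Rules compared before a match (or all of them when nothing matches)."""
    for i, rule in enumerate(rules, 1):
        if rule == (src, port):
            return i
    return len(rules)

def evals_tree(rules, src, port):
    """Same count for the tree layout; an unmatched sub-chain returns to INPUT."""
    count = 0
    for net, members in group_by_prefix(rules).items():
        count += 1                                   # the jump rule in INPUT
        if ipaddress.ip_address(src) in net:
            for rule in members:
                count += 1
                if rule == (src, port):
                    return count
    return count

if __name__ == "__main__":
    for src in ("10.0.1.1", "10.0.4.50", "192.168.0.1"):
        print(src, evals_linear(RULES, src, 22), evals_tree(RULES, src, 22))
```

Writing each list to a file and loading it with `iptables-restore` in a test network namespace gives two rulesets with identical verdicts, so wall-clock measurements under generated traffic can be compared against these counts.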