Comment 7 for bug 1640786

I also tested the protocol found here[1], on top of mainline kernel v4.9

* Without the nf-next patches :

# time (./list-addrs 3000 | xargs -n1 iptables -A FORWARD -j ACCEPT -s)

real 0m32.994s
user 0m1.288s
sys 0m26.076s

* With the nf-next patches :

# time (./list-addrs 3000 | xargs -n1 iptables -A FORWARD -j ACCEPT -s)

real 0m5.428s
user 0m0.068s
sys 0m0.288s

I do notice a significant performance increase.

[1] - https://gist.github.com/williammartin/b75e3faf5964648299e4d985413e6c0c

- Eric