summaryrefslogtreecommitdiff
path: root/firmware
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2015-06-11 02:34:54 +0300
committerPablo Neira Ayuso <pablo@netfilter.org>2015-06-12 15:27:09 +0300
commit71ae0dff02d756e4d2ca710b79f2ff5390029a5f (patch)
treeeaf17751a8b88d7531c8193bb84b133b1dde74b5 /firmware
parentd7b597421519d6f680eb8e152a0d8447466ee2d6 (diff)
downloadlinux-71ae0dff02d756e4d2ca710b79f2ff5390029a5f.tar.xz
netfilter: xtables: use percpu rule counters
The binary arp/ip/ip6tables ruleset is stored per cpu. The only reason left as to why we need percpu duplication are the rule counters embedded into ipt_entry et al -- since each cpu has its own copy of the rules, all counters can be lockless. The downside is that the more cpus are supported, the more memory is required. Rules are not just duplicated per online cpu but for each possible cpu, i.e. if maxcpu is 144, then rule is duplicated 144 times, not for the e.g. 64 cores present. To save some memory and also improve utilization of shared caches it would be preferable to only store the rule blob once. So we first need to separate counters and the rule blob. Instead of using entry->counters, allocate this percpu and store the percpu address in entry->counters.pcnt on CONFIG_SMP. This change makes no sense as-is; it is merely an intermediate step to remove the percpu duplication of the rule set in a followup patch. Suggested-by: Eric Dumazet <edumazet@google.com> Acked-by: Jesper Dangaard Brouer <brouer@redhat.com> Reported-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'firmware')
0 files changed, 0 insertions, 0 deletions