On Sat, Dec 15, 2007 at 21:42:19 -0800, David Miller wrote: > From: Eric Dumazet <dada1@xxxxxxxxxxxxx> > Date: Sat, 15 Dec 2007 12:04:47 +0100 > > > I prefer to let admins chose their size, since it makes attacker life more > > difficult :) > > > > For example, I can tell you I have a server, were size is between 2.000.000 > > and 3.500.000, I dont want to be forced to use 2097152 > > > > A multiply is cheap, at least on current hardware. > > I agree, and I see nothing wrong with Eric's patch and it > should be merged ASAP. You could do the same optimization for net/netfilter/nf_conntrack_core.c:__hash_conntrack() , too. -- Do what you love because life is too short for anything else. - To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
