Sami Farin wrote:
On Sat, Dec 15, 2007 at 21:42:19 -0800, David Miller wrote:
From: Eric Dumazet <dada1@xxxxxxxxxxxxx>
Date: Sat, 15 Dec 2007 12:04:47 +0100
I prefer to let admins chose their size, since it makes attacker life more
difficult :)
For example, I can tell you I have a server, were size is between 2.000.000
and 3.500.000, I dont want to be forced to use 2097152
A multiply is cheap, at least on current hardware.
I agree, and I see nothing wrong with Eric's patch and it
should be merged ASAP.
You could do the same optimization for
net/netfilter/nf_conntrack_core.c:__hash_conntrack() , too.
Yes, I already took care of that for conntrack and other netfilter
non-power-of-two hashes.
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html