On Sunday 2008-10-05 11:12, Patrick McHardy wrote:
>
> Thanks. As an added explanation - the benchmarking I did for nftables
> indicated that we're somewhere between 50 and 110 cycles for a "usual"
> rule on my x2. So it's really easy to degrade performance significantly
> by just requiring a few more cycles. The upside is that it works in both
> directions :)

Hm there is actually a reason I did it this way. I did not want to
make the struct xt_match_param constant that extensions receive,
so they can tamper with the arguments just like they were able to
before. (Actually, just a single out-of-tree extension does this right now.)

Constructing the xt_match_param for example in ipt_do_table()
instead of do_match() would mean that iff some extension trashed,
say, par->in, then all future extensions would get that new value,
which is of course not what we wanted.

Requesting verdict from you. :)
Make it const so that extensions don't tamper with it?
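
The trade-off discussed in this message, as an added example that is not part of the original mail or the kernel source: a simplified user-space model of building the parameter block once per table walk versus once per match call. `struct match_param`, `tampering_match`, `eth0_match`, `walk_shared` and `walk_per_match` are hypothetical names standing in for xt_match_param, two extensions, and construction in ipt_do_table() versus do_match(); the device names are constructed sample values.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of struct xt_match_param (assumption: only in/out kept). */
struct match_param { const char *in, *out; };
typedef int (*match_fn)(struct match_param *par);

/* Hypothetical extension that overwrites an argument it was handed. */
static int tampering_match(struct match_param *par)
{
    par->in = "trashed";
    return 1;
}

/* Hypothetical well-behaved extension: matches only packets from eth0. */
static int eth0_match(struct match_param *par)
{
    return strcmp(par->in, "eth0") == 0;
}

static match_fn rule[] = { tampering_match, eth0_match };
#define NMATCH (sizeof(rule) / sizeof(rule[0]))

/* Param built once per table walk: later matches see earlier writes. */
int walk_shared(const char *in, const char *out)
{
    struct match_param par = { in, out };
    int verdict = 1;
    for (size_t i = 0; i < NMATCH; i++)
        verdict &= rule[i](&par);
    return verdict;
}

/* Param rebuilt for every match call: each extension gets pristine values. */
int walk_per_match(const char *in, const char *out)
{
    int verdict = 1;
    for (size_t i = 0; i < NMATCH; i++) {
        struct match_param par = { in, out };
        verdict &= rule[i](&par);
    }
    return verdict;
}

int main(void)
{
    printf("shared=%d per_match=%d\n",
           walk_shared("eth0", "eth1"), walk_per_match("eth0", "eth1"));
    return 0;
}
```

Changing `match_fn` to take `const struct match_param *` turns the write in `tampering_match` into a compile error, which is the condition under which the shared construction gives every extension the same values.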