Eric Dumazet wrote: > Patrick McHardy a écrit : > >> Thats an interesting test-case, but one lock per conntrack just for >> TCP tracking seems like overkill. We're trying to keep the conntrack >> stuctures as small as possible, so I'd prefer an array of spinlocks >> or something like that. >> > > Yes, this is wise. Current sizeof(struct nf_conn) is 220 (0xdc) on 32 bits, > probably rounded to 0xE0 by SLAB/SLUB. I will provide a new patch using > an array of say 512 spinlocks. (512 spinlocks use 2048 bytes if non > debuging spinlocks, that spread to 32 x 64bytes cache lines) > Sounds good, but it should be limited to NR_CPUS I guess. > However I wonder if for very large number of cpus we should at least ask conntrack > to use hardware aligned "struct nf_conn" to avoid false sharing > I'm not sure that is really a problem in practice, you usually have quite a few inactive conntrack entries and false sharing would only happen when two consequitive entries are active. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
