Stephen Hemminger wrote:
On Wed, 28 Jan 2009 07:17:04 +0100
Eric Dumazet <dada1@xxxxxxxxxxxxx> wrote:
Stephen Hemminger wrote:
Change how synchronization is done on the iptables counters. Use seqcount
wrapper instead of depending on reader/writer lock.
Signed-off-by: Stephen Hemminger <shemminger@xxxxxxxxxx>
--- a/net/ipv4/netfilter/ip_tables.c 2009-01-27 14:48:41.567879095 -0800
+++ b/net/ipv4/netfilter/ip_tables.c 2009-01-27 15:45:05.766673246 -0800
@@ -366,7 +366,9 @@ ipt_do_table(struct sk_buff *skb,
if (IPT_MATCH_ITERATE(e, do_match, skb, &mtpar) != 0)
goto no_match;
+ write_seqcount_begin(&e->seq);
ADD_COUNTER(e->counters, ntohs(ip->tot_len), 1);
+ write_seqcount_end(&e->seq);
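Review bot: write_seqcount_begin(&e->seq) around ADD_COUNTER in ipt_do_table() gives readers a retry signal but does nothing to serialize writers, so this hunk depends on each e->seq having exactly one writer at a time. Please add a comment at this site stating what guarantees that, and confirm that the patch initializes e->seq and that the counter reader loops on the sequence, since neither is visible here. The pair also puts two sequence increments on the packet path for every matched rule; the changelog should say why that cost is acceptable.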
It's not very good to do it like this (one seqcount_t per rule per cpu)
If we use one count per table, that solves it, but it becomes a hot
spot, and on an active machine will never settle.
One seqcount per table and per cpu.
Only one cpu (the owner) will need to change the seqcount (one increment
when entering ipt_do_table(), one increment when leaving)
This location is only read by the thread doing the "iptables -L". We
don't care it spends a few cycles, it's already a big cruncher.
I don't understand your concern; what do you mean by "never settle"?
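The "one seqcount per table and per cpu" scheme described in the reply above, as an added example that is not part of the thread or of the kernel source. It is a user-space model using C11 atomics; every name and size in it (percpu_table, table_enter, snapshot_try, NR_CPUS and so on) is hypothetical.

```c
/* Added illustration, not kernel code: user-space model of one sequence
 * counter per table per CPU. All names and sizes are hypothetical. */
#include <stdatomic.h>
#include <stdint.h>
#define NR_CPUS  2
#define NR_RULES 3

struct percpu_table {
    atomic_uint seq;                  /* odd while the owning CPU walks the rules */
    _Atomic uint64_t bytes[NR_RULES]; /* written only by the owning CPU */
    _Atomic uint64_t pkts[NR_RULES];
};
static struct percpu_table tables[NR_CPUS];

/* Writer side (owner CPU only): one increment entering, one leaving.
 * Default seq_cst atomics are stronger than a kernel seqcount's barriers. */
static void table_enter(struct percpu_table *t) { atomic_fetch_add(&t->seq, 1); }
static void table_leave(struct percpu_table *t) { atomic_fetch_add(&t->seq, 1); }

static void add_counter(struct percpu_table *t, int rule, uint64_t len)
{
    atomic_fetch_add(&t->bytes[rule], len);
    atomic_fetch_add(&t->pkts[rule], 1);
}

/* Reader side (the "iptables -L" path): one attempt at a consistent copy of
 * one CPU's counters. Returns 0 if the owner was inside the table or the
 * sequence moved during the copy; the caller then retries that CPU. */
static int snapshot_try(struct percpu_table *t, uint64_t *bytes, uint64_t *pkts)
{
    unsigned start = atomic_load(&t->seq);
    if (start & 1) return 0;
    for (int i = 0; i < NR_RULES; i++) {
        bytes[i] = atomic_load(&t->bytes[i]);
        pkts[i]  = atomic_load(&t->pkts[i]);
    }
    return atomic_load(&t->seq) == start;
}

/* Sum all CPUs, retrying each CPU until its copy is consistent. */
static void get_counters(uint64_t *bytes, uint64_t *pkts)
{
    uint64_t b[NR_RULES], p[NR_RULES];
    for (int i = 0; i < NR_RULES; i++) bytes[i] = pkts[i] = 0;
    for (int cpu = 0; cpu < NR_CPUS; cpu++) {
        while (!snapshot_try(&tables[cpu], b, p)) { }
        for (int i = 0; i < NR_RULES; i++) { bytes[i] += b[i]; pkts[i] += p[i]; }
    }
}
```

Each sequence word has a single writer, so only the reader pays for retries, and a retry redoes one CPU's copy rather than the whole table.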