Eric Dumazet wrote:
Stephen Hemminger a écrit :
--- a/net/ipv4/netfilter/ip_tables.c 2009-01-27
14:48:41.567879095 -0800
+++ b/net/ipv4/netfilter/ip_tables.c 2009-01-27
15:45:05.766673246 -0800
@@ -366,7 +366,9 @@ ipt_do_table(struct sk_buff *skb,
if (IPT_MATCH_ITERATE(e, do_match, skb, &mtpar) != 0)
goto no_match;
+ write_seqcount_begin(&e->seq);
ADD_COUNTER(e->counters, ntohs(ip->tot_len), 1);
+ write_seqcount_end(&e->seq);
Its not very good to do it like this, (one seqcount_t per rule per cpu)
If we use one count per table, that solves it, but it becomes a hot
spot, and on an active machine will never settle.
One seqcount per table and per cpu.
Only one cpu (the owner) will need to change the seqcount (one increment
when entering ipt_do_table(), one increment when leaving)
That would also make sure the counters add up, right?
This location is only read by the thread doing the "iptables -L". We
dont care it spends a few cycles, it's already a big cruncher.
Indeed.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
