On 01.07.2011 17:27, Eric Dumazet wrote:
> On Friday 01 July 2011 at 09:49 +0200, Florian Westphal wrote:
>> Eric Dumazet <eric.dumazet@xxxxxxxxx> wrote:
>>> Number one offender is the nfnl_lock mutex held each time we give a
>>> verdict.
>>
>> Yes, the nfnl mutex is fairly annoying for nfqueue.
>>
>> Unfortunately it is not possible to just remove it
>> completely since it also protects against module removal.
>>
>
> I believe it can, just add appropriate synchronization points.
>
>> But I guess even having to grab a refcount would be
>> a huge win as opposed to holding on to the nfnl mutex...
>>
>> We'd also need to audit all ->call implementations; most
>> of them assume the nfnl_mutex is being held.
>
> CC netdev
>
> We can do another way: Introduce a new ->call_rcu() implementation
> and convert places where we prefer not holding nfnf_mutex.
>
> If/when all places are converted, remove the ->call() field for good.

We've talked about this a few times, but we have some pretty deep
call chains especially in ctnetlink, which are using sleeping
allocations. Not sure whether we really want to convert those.

An alternative would be to push locking down one level and have the
subsystem decide whether to use RCU or the mutex. However that would
require taking a reference to the subsystem in nfnetlink to avoid
module unload races.

> With following two patches, I was able to reach more than 2.000.000 pps
> without losses on my setup (limited by my lab setup), instead of less
> than 500.000 pps

That sounds pretty impressive.
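
The alternative raised in the reply above (locking pushed down into the subsystem, with the dispatcher holding a reference so the subsystem cannot be unloaded mid-call), sketched in userspace C as an added example; it is not code from this thread or from the kernel. All names (`subsys_register`, `subsys_unregister`, `dispatch`, `table_lock`, `sample_call`) are hypothetical, a plain atomic counter stands in for a module reference, and unregister returns busy where kernel code would wait for in-flight calls.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stddef.h>
#define NSUBSYS 4
enum { ERR_NOENT = -2, ERR_BUSY = -16 };
struct subsys {
    int (*call)(int msg);  /* handler picks its own locking (mutex or RCU) */
    atomic_int refs;       /* in-flight calls; stands in for a module reference */
};
static pthread_mutex_t table_lock = PTHREAD_MUTEX_INITIALIZER; /* guards table[] only */
static struct subsys *table[NSUBSYS];

int subsys_register(unsigned id, struct subsys *s)
{
    int ret = ERR_BUSY;
    pthread_mutex_lock(&table_lock);
    if (id < NSUBSYS && !table[id]) { table[id] = s; ret = 0; }
    pthread_mutex_unlock(&table_lock);
    return ret;
}
/* Refuses while calls are in flight; a kernel would wait for them to drain. */
int subsys_unregister(unsigned id)
{
    int ret = ERR_NOENT;
    pthread_mutex_lock(&table_lock);
    if (id < NSUBSYS && table[id]) {
        ret = atomic_load(&table[id]->refs) ? ERR_BUSY : 0;
        if (ret == 0) table[id] = NULL;
    }
    pthread_mutex_unlock(&table_lock);
    return ret;
}
/* Lookup and reference happen under the lock; the handler runs without it. */
int dispatch(unsigned id, int msg)
{
    struct subsys *s = NULL;
    pthread_mutex_lock(&table_lock);
    if (id < NSUBSYS && (s = table[id]))
        atomic_fetch_add(&s->refs, 1);
    pthread_mutex_unlock(&table_lock);
    if (!s) return ERR_NOENT;
    int ret = s->call(msg);
    atomic_fetch_sub(&s->refs, 1);
    return ret;
}
/* Constructed handler: tries to unload its own subsystem in the middle of a call. */
static int unload_seen;
static int sample_call(int msg) { unload_seen = subsys_unregister(0); return msg + 1; }
struct subsys sample = { .call = sample_call };
int main(void) { subsys_register(0, &sample); return dispatch(0, 41) == 42 && unload_seen == ERR_BUSY ? 0 : 1; }
```

Because the reference is taken while `table_lock` is held, an unload that sees a zero count under the same lock knows no caller is inside the handler and none can enter before the table slot is cleared.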