[PATCH 0/2] [RFC] nf_tables: speed up rule addition and deletion

From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>

Hi!

The following two RFC patches aim to improve rule addition and
deletion timing.

The current major bottleneck in the rule addition is the handle
allocation per chain which is O(n), a simple way to get it O(1)
is to use a 64-bit handle instead of 16-bit to uniquely identify
the rule.

The main concern here is to avoid wrap around of the handle
(so we have no two rules with the same handle). We could stick
to 32 bits. Overrun would happen after 2^32 rule additions, that
seems unlikely but still possible in a scenario in which rules
are dynamically added and deleted.

Regarding deletion, as it was documented in the source code,
synchronize_rcu() really makes performance suck. The alternative
is to use kfree_rcu() and add one struct rcu_head per rule. This
increases the length of the rule structure.

I didn't come up with any better simple solution like these two.

I think this is yet another space-time tradeoff thing. So I'd put
pressure on the memory side at this moment.

Comments welcome.

-- 
1.7.10.4
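
The handle trade-off described in the message above, as an added user-space sketch (not code from these patches or from nf_tables): a counter-based allocator is O(1) but repeats a live handle once a narrow counter wraps, while avoiding that with a lookup costs a walk of the chain per addition. The struct layout, all function names and the scan strategy are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a chain and its rules; hypothetical, not the kernel structures. */
struct rule { uint64_t handle; struct rule *next; };
struct chain { struct rule *rules; uint64_t hgen; };

static uint64_t mask(unsigned bits) { return bits >= 64 ? UINT64_MAX : (1ULL << bits) - 1; }

static int in_use(const struct chain *c, uint64_t h)
{
    for (const struct rule *r = c->rules; r; r = r->next)
        if (r->handle == h)
            return 1;
    return 0;
}

static void link_rule(struct chain *c, struct rule *r, uint64_t h)
{
    r->handle = h; r->next = c->rules; c->rules = r;
}

/* O(1): bump a per-chain counter truncated to `bits`; no lookup, so values repeat after a wrap. */
static uint64_t alloc_counter(struct chain *c, unsigned bits) { return ++c->hgen & mask(bits); }

/* O(n) per addition: same counter, but walk the chain to skip live handles (0 = no free handle). */
static uint64_t alloc_scan(struct chain *c, unsigned bits)
{
    for (uint64_t i = 0; i <= mask(bits); i++) {
        uint64_t h = alloc_counter(c, bits);
        if (h && !in_use(c, h))
            return h;
    }
    return 0;
}

/* One long-lived rule, then rules added and deleted at once (never linked here):
 * returns how many such additions pass before a new handle equals the live one. */
static uint64_t additions_until_collision(unsigned bits)
{
    struct chain c = {0};
    struct rule live;
    uint64_t n = 0, h;
    link_rule(&c, &live, alloc_counter(&c, bits));
    do { h = alloc_counter(&c, bits); n++; } while (!in_use(&c, h));
    return n;
}

int main(void)
{
    printf("16-bit: %llu\n", (unsigned long long)additions_until_collision(16));
    return 0;
}
```
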
