On Friday 2014-03-07 14:37, Florian Westphal wrote:
>
>+#define CONNLIMIT_SLOTS 256 /* power-of-two */
>+#define CONNLIMIT_LOCK_SLOTS 32 /* power-of-two */
It's clear that 256 and 32 are powers of two. Or did you intend to
write "these should be a power of two"? Which would then raise the
question if they really need to be a power of two.
Given
> static inline unsigned int connlimit_iphash(__be32 addr)
> {
>- return jhash_1word((__force __u32)addr, connlimit_rnd) & 0xFF;
>+ return jhash_1word((__force __u32)addr,
>+ connlimit_rnd) % CONNLIMIT_SLOTS;
> }
>
>@@ -183,7 +188,7 @@ static int count_them(struct net *net,
>
> hhead = &data->iphash[hash];
>
>- spin_lock_bh(&data->lock);
>+ spin_lock_bh(&data->locks[hash % CONNLIMIT_LOCK_SLOTS]);
> count = count_hlist(net, hhead, tuple, addr, mask, family, &addit);
> if (addit) {
> if (add_hlist(hhead, tuple, addr))
it would seem that it is sufficient to have CONNLIMIT_SLOTS be
a multiple of CONNLIMIT_LOCK_SLOTS and
> {
> int ret;
>+
>+ BUILD_BUG_ON(CONNLIMIT_LOCK_SLOTS > CONNLIMIT_SLOTS);
>+
be followed by
BUILD_BUG_ON(CONNLIMIT_SLOTS % CONNLIMIT_LOCK_SLOTS != 0);
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
