Eric Dumazet <eric.dumazet@xxxxxxxxx> wrote: > On Mon, 2014-03-17 at 13:42 +0100, Pablo Neira Ayuso wrote: > > From: Florian Westphal <fw@xxxxxxxxx> > > > > connlimit currently suffers from spinlock contention, example for > > 4-core system with rps enabled: > > > +#define CONNLIMIT_SLOTS 256 > > +#define CONNLIMIT_LOCK_SLOTS 32 > > 32 spinlocks use 2 cache lines (assuming 4 bytes per spinlock, and 64 > bytes cache lines) > > So I guess this probably should be increased to have less false sharing. True, Jesper pointed out the same thing to me. > I believe this hash table of spinlocks could be global, not in each > struct xt_connlimit_data. Good point. Indeed, this can be global. I did not increase it since more locks than tree slots is illegal (need exclusive access to each rtree at this time). I guess we could align it or increase number of lock and rbtree slots (after moving lock slots out of connlimit data). Thanks for the heads-up Eric, I'll see about addressing this later this week if noone beats me to it. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
