Patrick Schaaf <netdev@xxxxxx> wrote:
> Hi Florian (+ list), (resend without HTML part...)
>
> would it be feasible to have sysctl knobs to disable the counters?
>
> Easiest approach might be to keep all the counter memory allocation
> as it is (or as it is changed with your current work), and just not count at
> packet processing time. Which should make things a bit faster (no
> cache pollution for the RMW counter access of any matching rules.)
>
> More complicated approach might even save the whole counter
> memory consumption, faking 0 values when returning counters to
> userlevel, and ignoring userlevel supplied values (iptables-restore)

I'm not sure it's worth doing, nftables does the right thing already.

I'm merely looking at the percpu rule deduplication because increase in
number of cpus is starting to make it problematic from memory consumption
point of view, and ip(6)tables isn't going to disappear anytime soon.