On Thu, 2015-06-11 at 01:34 +0200, Florian Westphal wrote: > The binary arp/ip/ip6tables ruleset is stored per cpu. > > The only reason left as to why we need percpu duplication are the rule > counters embedded into ipt_entry et al -- since each cpu has its own copy > of the rules, all counters can be lockless. > > The downside is that the more cpus are supported, the more memory is > required. Rules are not just duplicated per online cpu but for each > possible cpu, i.e. if maxcpu is 144, then rule is duplicated 144 times, > not for the e.g. 64 cores present. > > To save some memory and also improve utilization of shared caches it > would be preferable to only store the rule blob once. > > So we first need to separate counters and the rule blob. > > Instead of using entry->counters, allocate this percpu and store the > percpu address in entry->counters.pcnt on CONFIG_SMP. > > This change makes no sense as-is; it is merely an intermediate step to > remove the percpu duplication of the rule set in a followup patch. > > Suggested-by: Eric Dumazet <edumazet@xxxxxxxxxx> > Acked-by: Jesper Dangaard Brouer <brouer@xxxxxxxxxx> > Reported-by: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx> > Signed-off-by: Florian Westphal <fw@xxxxxxxxx> > --- Acked-by: Eric Dumazet <edumazet@xxxxxxxxxx> Thanks ! -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
