Re: [PATCH -next v2 0/6] netfilter: xtables: improve jumpstack handling

On Tue, Jul 14, 2015 at 05:51:05PM +0200, Florian Westphal wrote:
> During NFWS 2015 Eric Dumazet suggested various ideas to make
> the xtables table traverser function setup less expensive.
> 
> In particular, the *_do_table functions keep track of the current
> stack pointer.
> 
> It appears that we can simplify this to always start from 0
> (therefore allowing us to avoid the save/restore) provided we make sure
> that we use an alternate jump stack when we enter the traverser recursively
> via TEE target.
> 
> This implements some of Eric's ideas.

Series from 1 to 5 applied.

> NOTE1: The last patch may break valid iptables rulesets.
> It's the classic question whether we're willing to reject bizarre ruleset
> or not.  If this patch is acceptable, we can avoid one more dereference
> by using percpu allocation for the jumpstack as follow work.

If we take this patch into the tree, I'd wait for quite some time to
make sure nobody barfs to us with problems, so we can revert it.

Otherwise, the (unlikely) scenario would require several reverts in a
row, starting from this to further suggested enhancements, right?