... to speed up iptables(-restore) calls. Especially a pattern like for i in $(seq 1 1000) ; iptables -A FORWARD ;done is expensive, because adding the rule doubles the percpu counters (allocate 2nd blob, then free old one, including its percpu counters). This causes frequent expansion and shrinking of percpu memory pool. This change batches calls to the allocator by packing multiple counters in 4k memory chunks. Heavily based on suggestions from Eric Dumazet. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
