... to speed up iptables(-restore) calls. Especially a pattern like for i in $(seq 1 1000) ; iptables -A FORWARD ;done is expensive, because adding the rule doubles the percpu counters (allocate 2nd blob, then free old one, including its percpu counters). This causes frequent expansion and shrinking of percpu memory pool. This change batches calls to the allocator by packing multiple counters in 4k memory chunks. Heavily based on suggestions from Eric Dumazet. The only change in v3 is in patch #2 which assigned garbage on UP (was fixed by next patch, but better to not do it in first place). -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
