On Tue, Nov 22, 2016 at 02:44:16PM +0100, Florian Westphal wrote:
> ... to speed up iptables(-restore) calls.
>
> Especially a pattern like
>
> for i in $(seq 1 1000) ; do iptables -A FORWARD ; done
>
> is expensive, because adding the rule doubles the percpu counters (allocate
> 2nd blob, then free old one, including its percpu counters).
> This causes frequent expansion and shrinking of percpu memory pool.
>
> This change batches calls to the allocator by packing multiple counters
> in 4k memory chunks.
>
> Heavily based on suggestions from Eric Dumazet.
>
> The only change in v3 is in patch #2 which assigned garbage on UP
> (was fixed by next patch, but better to not do it in first place).

Series applied, thanks!