On Sun, Mar 12, 2017 at 07:38:47PM +0800, Liping Zhang wrote: > From: Liping Zhang <zlpnobody@xxxxxxxxx> > > Karel Rericha reported that in his test case, ICMP packets going through > boxes had normally about 5ms latency. But when running nft, actually > listing the sets with interval flags, latency would go up to 30-100ms. > This was observed when router throughput is from 600Mbps to 2Gbps. > > This is because we use a single global spinlock to protect the whole > rbtree sets, so "dumping sets" will race with the "key lookup" inevitably. > But actually they are all _readers_, so it's ok to convert the spinlock > to rwlock to avoid competition between them. Also use per-set rwlock since > each set is independent. Also applied, thanks for testing Karel. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
