On Thu, 2018-03-01 at 18:58 -0800, Cong Wang wrote: > As suggested by Eric, we need to make the xt_rateest > hash table and its lock per netns to reduce lock > contentions. > > Cc: Florian Westphal <fw@xxxxxxxxx> > Cc: Eric Dumazet <edumazet@xxxxxxxxxx> > Cc: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> > Signed-off-by: Cong Wang <xiyou.wangcong@xxxxxxxxx> > --- > include/net/netfilter/xt_rateest.h | 4 +- > net/netfilter/xt_RATEEST.c | 91 +++++++++++++++++++++++++++----------- > net/netfilter/xt_rateest.c | 10 ++--- > 3 files changed, 72 insertions(+), 33 deletions(-) Very nice, thanks ! Reviewed-by: Eric Dumazet <edumazet@xxxxxxxxxx> Although the main reason was to avoid name collisions between different netns. Hash table is small enough that it can be allocated for each netns. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
