commit phase is slow as it can invoke synchronize_rcu twice (depending on the batch). Remove the unconditional synchronize_rcu() by storing rcu-protected array of the active rules. After this, nft_do_chain always gets a consistent snapshot and no longer needs to examine the rule struct to decide wheter the rule is still active in the current generation or not, and therefore we no longer need to call synchronize_rcu after incrementing generation. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
