subashab@xxxxxxxxxxxxxx <subashab@xxxxxxxxxxxxxx> wrote: > I've updated the patch with your comments. > Do you expect a performance impact either in datapath or perhaps more in > the rule installation with the rcu changes. Rule installation. synchronize_rcu() can take several seconds on busy systems. > diff --git a/net/ipv4/netfilter/arp_tables.c > b/net/ipv4/netfilter/arp_tables.c > index d1e04d2..dda5d8f 100644 > --- a/net/ipv4/netfilter/arp_tables.c > +++ b/net/ipv4/netfilter/arp_tables.c > @@ -203,7 +203,7 @@ unsigned int arpt_do_table(struct sk_buff *skb, > > local_bh_disable(); > addend = xt_write_recseq_begin(); > - private = READ_ONCE(table->private); /* Address dependency. */ > + private = xt_table_get_private_protected(table); Err, no, this needs to be plain rcu_dereference(table->private). Same in the other _do_table() versions. We do not hold the table mutex here.
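Review bot: In the arpt_do_table() hunk, the read of table->private sits on the packet path directly after local_bh_disable() and xt_write_recseq_begin(), and the reply states that the table mutex is not held there. An accessor named xt_table_get_private_protected() is therefore the wrong one for this site. Use rcu_dereference(table->private) here and in the other _do_table() variants, and reserve the _protected helper for paths that do hold the table mutex. The hunk also drops the "/* Address dependency. */" comment; if the ordering requirement on this load still needs documenting, restate it beside the new dereference.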