Sasha Levin <sasha.levin@xxxxxxxxxx> wrote: > From: Florian Westphal <fw@xxxxxxxxx> > > This patch has been added to the 3.18 stable tree. If you have any > objections, please let us know. Note that I got a bug report about a severe performance regression introduced by this commit (30 second restore time -> 10 minutes(!)) I am working on this now. > [ Upstream commit 36472341017529e2b12573093cc0f68719300997 ] > > When we see a jump also check that the offset gets us to beginning of > a rule (an ipt_entry). > > The extra overhead is negible, even with absurd cases. > > 300k custom rules, 300k jumps to 'next' user chain: > [ plus one jump from INPUT to first userchain ]: > > Before: > real 0m24.874s > user 0m7.532s > sys 0m16.076s > > After: > real 0m27.464s > user 0m7.436s > sys 0m18.840s Might be because the dummy ruleset was too small, I'll retry adding some bogus matches to increase size. -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html