redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/net/ipv6/netfilter
History
Eric Dumazet 83723d6071 netfilter: x_tables: dont block BH while reading counters 
Using "iptables -L" with a lot of rules have a too big BH latency.
Jesper mentioned ~6 ms and worried of frame drops.

Switch to a per_cpu seqlock scheme, so that taking a snapshot of
counters doesnt need to block BH (for this cpu, but also other cpus).

This adds two increments on seqlock sequence per ipt_do_table() call,
its a reasonable cost for allowing "iptables -L" not block BH
processing.

Reported-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: Patrick McHardy <kaber@trash.net>
Acked-by: Stephen Hemminger <shemminger@vyatta.com>
Acked-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		2011-01-10 20:11:38 +01:00
..
Kconfig netfilter: fix module dependency issues with IPv6 defragmentation, ip6tables and xt_TPROXY 2010-10-25 13:58:36 -07:00
Makefile Net: ipv6: netfiliter: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:12 -08:00
ip6_queue.c netfilter: ip6_queue: rwlock to spinlock conversion 2010-06-09 16:25:08 +02:00
ip6_tables.c netfilter: x_tables: dont block BH while reading counters 2011-01-10 20:11:38 +01:00
ip6t_LOG.c netfilter: ipt_LOG: add bufferisation to call printk() once 2010-10-04 20:56:05 +02:00
ip6t_REJECT.c ipv6: Use ip6_dst_hoplimit() instead of direct dst_metric() calls. 2010-12-12 21:14:46 -08:00
ip6t_ah.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ip6t_eui64.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ip6t_frag.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ip6t_hbh.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ip6t_ipv6header.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
ip6t_mh.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ip6t_rt.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ip6table_filter.c netfilter: cleanup printk messages 2010-05-13 15:02:08 +02:00
ip6table_mangle.c netfilter: cleanup printk messages 2010-05-13 15:02:08 +02:00
ip6table_raw.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ip6table_security.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
nf_conntrack_l3proto_ipv6.c tproxy: split off ipv6 defragmentation to a separate module 2010-10-21 16:03:43 +02:00
nf_conntrack_proto_icmpv6.c netfilter: nf_conntrack: IPS_UNTRACKED bit 2010-06-08 16:09:52 +02:00
nf_conntrack_reasm.c netfilter: ipv6: fix overlap check for fragments 2010-11-12 08:51:55 +01:00
nf_defrag_ipv6_hooks.c tproxy: split off ipv6 defragmentation to a separate module 2010-10-21 16:03:43 +02:00