kybaaz/linux-xiaomi-chiron
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
linux-xiaomi-chiron/include/linux/netfilter
History
Stephen Hemminger 784544739a netfilter: iptables: lock free counters 
The reader/writer lock in ip_tables is acquired in the critical path of
processing packets and is one of the reasons just loading iptables can cause
a 20% performance loss. The rwlock serves two functions:

1) it prevents changes to table state (xt_replace) while table is in use.
   This is now handled by doing rcu on the xt_table. When table is
   replaced, the new table(s) are put in and the old one table(s) are freed
   after RCU period.

2) it provides synchronization when accesing the counter values.
   This is now handled by swapping in new table_info entries for each cpu
   then summing the old values, and putting the result back onto one
   cpu.  On a busy system it may cause sampling to occur at different
   times on each cpu, but no packet/byte counts are lost in the process.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>

Sucessfully tested on my dual quad core machine too, but iptables only (no ipv6 here)
BTW, my new "tbench 8" result is 2450 MB/s, (it was 2150 MB/s not so long ago)

Acked-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2009-02-20 10:35:32 +01:00
..
Kbuild netfilter: rename ipt_recent to xt_recent 2008-10-08 11:35:00 +02:00
nf_conntrack_amanda.h
nf_conntrack_common.h netfilter: accounting rework: ct_extend + 64bit counters (v4) 2008-07-21 10:10:58 -07:00
nf_conntrack_dccp.h [NETFILTER]: nf_conntrack: add DCCP protocol support 2008-04-14 11:15:49 +02:00
nf_conntrack_ftp.h
nf_conntrack_h323.h
nf_conntrack_h323_asn1.h
nf_conntrack_h323_types.h
nf_conntrack_irc.h
nf_conntrack_pptp.h
nf_conntrack_proto_gre.h netfilter: netns nf_conntrack: GRE conntracking in netns 2008-10-08 11:35:10 +02:00
nf_conntrack_sane.h
nf_conntrack_sctp.h
nf_conntrack_sip.h netfilter: nf_conntrack_sip: restrict RTP expect flushing on error to last request 2008-05-08 01:15:21 -07:00
nf_conntrack_tcp.h netfilter: nf_conntrack_tcp: decrease timeouts while data in unacknowledged 2008-07-31 00:38:01 -07:00
nf_conntrack_tftp.h
nf_conntrack_tuple_common.h
nfnetlink.h netfilter: ctnetlink: remove bogus module dependency between ctnetlink and nf_nat 2008-10-14 11:58:31 -07:00
nfnetlink_compat.h
nfnetlink_conntrack.h netfilter: ctnetlink: fix missing CTA_NAT_SEQ_UNSPEC 2008-12-16 01:19:41 -08:00
nfnetlink_log.h netfilter: nfnetlink_log: send complete hardware header 2008-07-21 10:11:00 -07:00
nfnetlink_queue.h
x_tables.h netfilter: iptables: lock free counters 2009-02-20 10:35:32 +01:00
xt_CLASSIFY.h
xt_comment.h
xt_connbytes.h
xt_connlimit.h
xt_CONNMARK.h
xt_connmark.h
xt_CONNSECMARK.h
xt_conntrack.h headers_check fix: netfilter/xt_conntrack.h 2009-01-30 20:00:47 +05:30
xt_dccp.h
xt_DSCP.h
xt_dscp.h
xt_esp.h
xt_hashlimit.h
xt_helper.h
xt_iprange.h
xt_length.h
xt_limit.h
xt_mac.h
xt_MARK.h
xt_mark.h
xt_multiport.h
xt_NFLOG.h
xt_NFQUEUE.h
xt_owner.h
xt_physdev.h
xt_pkttype.h
xt_policy.h
xt_quota.h
xt_RATEEST.h
xt_rateest.h
xt_realm.h
xt_recent.h netfilter: rename ipt_recent to xt_recent 2008-10-08 11:35:00 +02:00
xt_sctp.h
xt_SECMARK.h
xt_state.h
xt_statistic.h
xt_string.h netfilter: fix string extension for case insensitive pattern matching 2008-07-08 02:38:56 -07:00
xt_TCPMSS.h
xt_tcpmss.h
xt_TCPOPTSTRIP.h
xt_tcpudp.h
xt_time.h
xt_TPROXY.h netfilter: iptables TPROXY target 2008-10-08 11:35:12 +02:00
xt_u32.h