nagai/kernel
3
0
Fork 0
forked from mirrors/linux
Code Pull requests Activity
kernel/include/linux/netfilter
History
Eric Dumazet 83723d6071 netfilter: x_tables: dont block BH while reading counters 
Using "iptables -L" with a lot of rules have a too big BH latency.
Jesper mentioned ~6 ms and worried of frame drops.

Switch to a per_cpu seqlock scheme, so that taking a snapshot of
counters doesnt need to block BH (for this cpu, but also other cpus).

This adds two increments on seqlock sequence per ipt_do_table() call,
its a reasonable cost for allowing "iptables -L" not block BH
processing.

Reported-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: Patrick McHardy <kaber@trash.net>
Acked-by: Stephen Hemminger <shemminger@vyatta.com>
Acked-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2011-01-10 20:11:38 +01:00
..
Kbuild include: replace unifdef-y with header-y 2010-08-14 22:26:51 +02:00
nf_conntrack_amanda.h
nf_conntrack_common.h netfilter: ctnetlink: add expectation deletion events 2010-10-19 10:19:06 +02:00
nf_conntrack_dccp.h
nf_conntrack_ftp.h
nf_conntrack_h323.h
nf_conntrack_h323_asn1.h
nf_conntrack_h323_types.h
nf_conntrack_irc.h
nf_conntrack_pptp.h
nf_conntrack_proto_gre.h
nf_conntrack_sane.h
nf_conntrack_sctp.h
nf_conntrack_sip.h netfilter: nf_conntrack_sip: Add callid parser 2010-10-04 22:45:23 +09:00
nf_conntrack_tcp.h
nf_conntrack_tftp.h
nf_conntrack_tuple_common.h netfilter: include/linux/netfilter/nf_conntrack_tuple_common.h: Checkpatch cleanup 2010-03-08 13:13:07 +01:00
nfnetlink.h netfilter: ctnetlink: fix reliable event delivery if message building fails 2010-03-20 14:29:03 -07:00
nfnetlink_compat.h
nfnetlink_conntrack.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-10-23 11:47:02 -07:00
nfnetlink_log.h nfnetlink_log: do not expose NFULNL_COPY_DISABLED to user-space 2010-07-15 11:27:41 +02:00
nfnetlink_queue.h
x_tables.h netfilter: x_tables: dont block BH while reading counters 2011-01-10 20:11:38 +01:00
xt_CHECKSUM.h netfilter: correct CHECKSUM header and export it 2010-07-16 14:08:20 +02:00
xt_CLASSIFY.h
xt_cluster.h
xt_comment.h
xt_connbytes.h
xt_connlimit.h
xt_connmark.h netfilter: xtables: merge xt_CONNMARK into xt_connmark 2010-03-17 15:48:36 +01:00
xt_CONNMARK.h netfilter: xtables: merge xt_CONNMARK into xt_connmark 2010-03-17 15:48:36 +01:00
xt_CONNSECMARK.h
xt_conntrack.h
xt_cpu.h netfilter: add xt_cpu match 2010-07-23 12:59:36 +02:00
xt_CT.h netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
xt_dccp.h
xt_DSCP.h
xt_dscp.h
xt_esp.h
xt_hashlimit.h
xt_helper.h
xt_IDLETIMER.h header: fix broken headers for user space 2010-08-22 21:15:39 -07:00
xt_iprange.h
xt_ipvs.h netfilter: fix userspace header warning 2010-08-18 23:34:26 -07:00
xt_LED.h
xt_length.h
xt_limit.h
xt_mac.h
xt_mark.h netfilter: xtables: merge xt_MARK into xt_mark 2010-03-17 15:48:36 +01:00
xt_MARK.h netfilter: xtables: merge xt_MARK into xt_mark 2010-03-17 15:48:36 +01:00
xt_multiport.h
xt_NFLOG.h
xt_NFQUEUE.h
xt_osf.h
xt_owner.h
xt_physdev.h
xt_pkttype.h
xt_policy.h
xt_quota.h xt_quota: report initial quota value instead of current value to userspace 2010-07-23 14:07:47 +02:00
xt_RATEEST.h
xt_rateest.h
xt_realm.h
xt_recent.h netfilter: xt_recent: check for unsupported user space flags 2010-03-17 16:18:56 +01:00
xt_sctp.h
xt_SECMARK.h secmark: make secmark object handling generic 2010-10-21 10:12:48 +11:00
xt_socket.h
xt_state.h
xt_statistic.h
xt_string.h
xt_TCPMSS.h
xt_tcpmss.h
xt_TCPOPTSTRIP.h
xt_tcpudp.h
xt_TEE.h netfilter: xt_TEE: resolve oif using netdevice notifiers 2010-04-20 15:07:32 +02:00
xt_time.h
xt_TPROXY.h tproxy: added IPv6 support to the TPROXY target 2010-10-21 16:17:26 +02:00
xt_u32.h