On Tue, 27 Sep 2005, Andi Kleen wrote:
> That could be special cased and done lockless, with the counting
> done per CPU.
It's also not very hard for iptables when verifying the table to conclude
that there really aren't any "real" rules for a certain hook and then
delete that hook registration (only policy ACCEPT rule found). Allowing
you to have as many ip tables modules you like in the kernel, but only
using the hooks where you have rules. Drawback is that you lose the
packet counters on the policy.
Exception: iptable_nat. Needs the hooks for other purposes as well, not
just the iptable, so here the hooks cannot be deactivated when there are no
rules.
Regards
Henrik
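
The check proposed in the message above, sketched as a user-space model. This is an added example, not code from the message or from the kernel; every type, field and function name in it is hypothetical, and the sample tables are constructed. It assumes a hook can be dropped only when its chain is empty and its policy is ACCEPT, and that a table like nat keeps all its hooks regardless.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model; all names are hypothetical, not kernel identifiers. */
enum hook { HOOK_PREROUTING, HOOK_INPUT, HOOK_FORWARD, HOOK_OUTPUT, HOOK_POSTROUTING };
enum verdict { VERDICT_ACCEPT, VERDICT_DROP };

struct chain {
    enum hook hook;       /* hook this built-in chain is attached to */
    size_t user_rules;    /* rules in the chain, not counting the policy */
    enum verdict policy;  /* verdict of the trailing policy rule */
};

struct table {
    bool hooks_always_needed;  /* e.g. nat: hooks serve other purposes too */
    const struct chain *chains;
    size_t nchains;
};

/* Return a bitmask of the hooks that must stay registered for this table. */
unsigned int needed_hooks(const struct table *t)
{
    unsigned int mask = 0;
    for (size_t i = 0; i < t->nchains; i++) {
        const struct chain *c = &t->chains[i];
        /* A chain is a no-op only if it is empty AND its policy is ACCEPT;
         * an empty chain with policy DROP still changes packet fate. */
        bool noop = c->user_rules == 0 && c->policy == VERDICT_ACCEPT;
        if (t->hooks_always_needed || !noop)
            mask |= 1u << c->hook;
    }
    return mask;
}

/* Constructed sample tables. */
static const struct chain filter_chains[] = {
    { HOOK_INPUT,   3, VERDICT_ACCEPT },  /* has rules: keep hook */
    { HOOK_FORWARD, 0, VERDICT_DROP   },  /* empty, but policy DROP: keep hook */
    { HOOK_OUTPUT,  0, VERDICT_ACCEPT },  /* only policy ACCEPT: hook can go */
};
static const struct chain nat_chains[] = {
    { HOOK_PREROUTING, 0, VERDICT_ACCEPT }, { HOOK_OUTPUT, 0, VERDICT_ACCEPT },
    { HOOK_POSTROUTING, 0, VERDICT_ACCEPT },
};
const struct table sample_filter = { false, filter_chains, 3 };
const struct table sample_nat = { true, nat_chains, 3 };

int main(void)
{
    printf("filter: 0x%x, nat: 0x%x\n", needed_hooks(&sample_filter), needed_hooks(&sample_nat));
    return 0;
}
```

In this model, dropping the OUTPUT hook of the filter table is exactly the case where the policy packet counters for that chain stop advancing.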