Re: [PATCH 0/3] netfilter : 3 patches to boost ip_tables performance

On Tue, 27 Sep 2005, Andi Kleen wrote:

That could be special cased and done lockless, with the counting
done per CPU.

It's also not very hard for iptables when verifying the table to concludethat there really isn't any "real" rules for a certain hook and thendelete that hook registration (only policy ACCEPT rule found). Allowingyou to have as many ip tables modules you like in the kernel, but onlyusing the hooks where you have rules. Drawback is that you loose thepacket counters on the policy.

Exception: iptable_nat. Needs the hooks for other purposes as well, notjust the iptable so here the hooks can not be deactivated when there is norules.

Regards
Henrik
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: [PATCH 0/3] netfilter : 3 patches to boost ip_tables performance
  - From: Harald Welte <laforge@netfilter.org>

References:
- Re: [PATCH 0/3] netfilter : 3 patches to boost ip_tables performance
  - From: Andi Kleen <ak@suse.de>
- Re: [PATCH 0/3] netfilter : 3 patches to boost ip_tables performance
  - From: Harald Welte <laforge@netfilter.org>
- Re: [PATCH 0/3] netfilter : 3 patches to boost ip_tables performance
  - From: Andi Kleen <ak@suse.de>

Prev by Date: Re: [PATCH 2/3] block cleanups: Add kconfig default iosched submenu
Next by Date: TCP=828mbps, UDP=1mbps? (both running 2.6.13.2)
Previous by thread: Re: [PATCH 0/3] netfilter : 3 patches to boost ip_tables performance
Next by thread: Re: [PATCH 0/3] netfilter : 3 patches to boost ip_tables performance
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind]