On Tue, Feb 19, 2002 at 09:56:33AM +0000, Gianni Tedesco wrote: > Hi, > > Am i right in assuming match checkentry functions should be totally > reentrant? What about on UP systems? I read in ip_tables.c (iirc) that 2 > packets can be traversing iptables for each CPU. > > Currently the skip/shift tables are implemented as a global variable, > they are too big to go on the stack. If I do one global variable per > cpu, will this make it SMP safe?
I haven't read the code, but why are the skip/shift tables not part of the rule? all ip_tables are replicated for each cpu, resulting in the match/target info structures within the rules also be replicated over all cpus. So if you kepp all data in your per-rule data structure, nothing evil should happen. > // Gianni Tedesco <[EMAIL PROTECTED]> -- Live long and prosper - Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/ ============================================================================ GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+ V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)
