Re: [Patch nf-next] netfilter: make xt_rateest hash table per net

[Pablo Neira Ayuso]

On Thu, Mar 01, 2018 at 08:21:52PM -0800, Eric Dumazet wrote:
> On Thu, 2018-03-01 at 18:58 -0800, Cong Wang wrote:
> > As suggested by Eric, we need to make the xt_rateest
> > hash table and its lock per netns to reduce lock
> > contentions.
> > 
> > Cc: Florian Westphal 
> > Cc: Eric Dumazet 
> > Cc: Pablo Neira Ayuso 
> > Signed-off-by: Cong Wang 
> > ---
> >  include/net/netfilter/xt_rateest.h |  4 +-
> >  net/netfilter/xt_RATEEST.c | 91 
> > +++---
> >  net/netfilter/xt_rateest.c | 10 ++---
> >  3 files changed, 72 insertions(+), 33 deletions(-)
> 
> Very nice, thanks !
> 
> Reviewed-by: Eric Dumazet 

Applied, thanks!
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [Patch nf-next] netfilter: make xt_rateest hash table per net

[Eric Dumazet]

On Thu, 2018-03-01 at 18:58 -0800, Cong Wang wrote:
> As suggested by Eric, we need to make the xt_rateest
> hash table and its lock per netns to reduce lock
> contentions.
> 
> Cc: Florian Westphal 
> Cc: Eric Dumazet 
> Cc: Pablo Neira Ayuso 
> Signed-off-by: Cong Wang 
> ---
>  include/net/netfilter/xt_rateest.h |  4 +-
>  net/netfilter/xt_RATEEST.c | 91 
> +++---
>  net/netfilter/xt_rateest.c | 10 ++---
>  3 files changed, 72 insertions(+), 33 deletions(-)

Very nice, thanks !

Reviewed-by: Eric Dumazet 

Although the main reason was to avoid name collisions between different
netns.

Hash table is small enough that it can be allocated for each netns.


--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html