Re: [PATCH nf] netfilter: nf_tables: fix inconsistent element expiration calculation

2016-11-21 0:38 GMT+08:00 Anders K. Pedersen | Cohaesio : > From: Anders K. Pedersen > > As Liping Zhang reports, after commit a8b1e36d0d1d ("netfilter: nft_dynset: > fix element timeout for HZ != 1000"), priv->timeout was stored in jiffies, > while

Re: netfilter question

On Sun, 2016-11-20 at 09:31 -0800, Eric Dumazet wrote: > Thanks Eric, I will test the patch myself, because I believe we need it > asap ;) Current net-next without Florian patch : lpaa24:~# time for f in `seq 1 2000` ; do iptables -A FORWARD ; done real0m12.856s user0m0.590s sys

Re: netfilter question

On Sun, 2016-11-20 at 12:22 -0500, Eric D wrote: > I'm currently abroad for work and will come back home soon. I will > test the solution and provide feedback to Florian by end of week. > > Thanks for jumping on this quickly. > > Eric > > > On Nov 20, 2016 7:33 AM, "Eric Dumazet"

[PATCH nf] netfilter: nf_tables: fix inconsistent element expiration calculation

From: Anders K. Pedersen As Liping Zhang reports, after commit a8b1e36d0d1d ("netfilter: nft_dynset: fix element timeout for HZ != 1000"), priv->timeout was stored in jiffies, while set->timeout was stored in milliseconds. This is inconsistent and incorrect. Firstly, we

Re: [PATCH nf] netfilter: nft_dynset: fix incorrect element expiration calculation

2016-11-20 17:38 GMT+08:00 Anders K. Pedersen | Cohaesio : [...] > I believe that updating elements in dynsets can happen much more > frequently than interactions with userspace. One of my own use cases is Make sense. Considering the performance cost, your patch looks better:)

Re: [PATCH nf] netfilter: nft_dynset: fix incorrect element expiration calculation

Hi Liping, On søn, 2016-11-20 at 14:18 +0800, Liping Zhang wrote: > After commit a8b1e36d0d1d ("netfilter: nft_dynset: fix element > timeout > for HZ != 1000"), priv->timeout was stored in jiffies, while > set->timeout was stored in milliseconds. This is inconsistent and > incorrect. > >