Re: [PATCH 0/3] netfilter : 3 patches to boost ip_tables performance
From: Harald Welte
Date: Fri Sep 23 2005 - 12:11:50 EST
On Thu, Sep 22, 2005 at 05:50:49PM +0200, Eric Dumazet wrote:
> Christoph Lameter a écrit :
> >It should really be do_set_mempolicy instead to be cleaner. I got a patch here that fixes the
> >policy layer.
> >But still I agree with Christoph that a real vmalloc_node is better. There will be no fuzzing
> >around with memory policies etc and its certainly better performance wise.
>
> vmalloc_node() should be seldom used, at driver init, or when a new
> ip_tables is loaded. If it happens to be a performance problem, then
> we can optimize it. Why should we spend days of work for a function
> that is yet to be used ?
I see a contradiction in your sentence. "a new ip_tables is loaded"
every time a user changes a single rule. There are numerous setups that
dynamically change the ruleset (e.g. at interface up/down point, or even
think of your typical wlan hotspot, where once a user is authorized,
he'll get different rules.
--
- Harald Welte <laforge@xxxxxxxxxxxxx> http://netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
Attachment:
pgp00000.pgp
Description: PGP signature