[PATCH] fix iptables on systems with discontiguous processor ids
dada1 at cosmosbay.com
Tue Oct 11 16:13:03 CEST 2005
Henrik Nordstrom a écrit :
> On Mon, 10 Oct 2005, Harald Welte wrote:
>> I don't know why they are incomplete ;) My guess is that they're mostly
>> targeted to per_cpu users. Basically to solve the 'iptables' problem,
>> there are two ways:
> Or three.
> 3) Keep an NUM_CPUS array of pointers to the per-cpu tables, allocated
> separately per CPU instead of allocating a single large blob for all
> CPUs. These pointers are updated using RCU, and indexed using the
> physical CPU id.
Yes, this is what I suggested some weeks ago with a patch.
As vmalloc_node() is not yet part of kernel, I even coded a substitute for it.
(per_cpu/kmalloc are not an option since the allocations done in iptables can
be very large)
> Cost: One (most likely cached) indirect memory access on each packet,
> and slightly more complex update procedure (num_possible_cpus
> allocations and pointers to update instead of just one).
More information about the netfilter-devel