conntrack locking
Jozsef Kadlecsik
kadlec@blackhole.kfki.hu
Thu, 10 Feb 2000 13:12:59 +0100 (CET)
Hello,
I'm thinking on how to improve the locking in conntrack. First it seemed
to be easy: just add locks to the ip_conntrack_hash per entry and that's
'all'. However the generation count (ip_conntrack_gen) prevents to do it
easily: it would behave as a global lock in conntrack again.
So I suggest to eliminate the generation count. Put the logic into
the netfilter device by adding the connection expiration time
to nfdev_head. Then when a packet is returned from the userspace, one can
make sure in nf_write that the pointer to the conntrack hash is still
valid.
What is your opinion?
Jozsef
-
E-mail : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
WWW-Home: http://www.kfki.hu/~kadlec
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary