OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/net/ipv4
History
Florian Westphal 482cfc3185 netfilter: xtables: avoid percpu ruleset duplication 
We store the rule blob per (possible) cpu.  Unfortunately this means we can
waste lot of memory on big smp machines. ipt_entry structure ('rule head')
is 112 byte, so e.g. with maxcpu=64 one single rule eats
close to 8k RAM.

Since previous patch made counters percpu it appears there is nothing
left in the rule blob that needs to be percpu.

On my test system (144 possible cpus, 400k dummy rules) this
change saves close to 9 Gigabyte of RAM.

Reported-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		2015-06-12 14:27:10 +02:00
..
netfilter netfilter: xtables: avoid percpu ruleset duplication 2015-06-12 14:27:10 +02:00
Kconfig tcp: add CDG congestion control 2015-06-11 00:09:12 -07:00
Makefile tcp: add CDG congestion control 2015-06-11 00:09:12 -07:00
af_inet.c inet: add IP_BIND_ADDRESS_NO_PORT to overcome bind(0) limitations 2015-06-06 23:57:12 -07:00
ah4.c
arp.c
cipso_ipv4.c
datagram.c
devinet.c
esp4.c esp4: Use high-order sequence number bits for IV generation 2015-05-13 09:34:53 +02:00
fib_frontend.c
fib_lookup.h
fib_rules.c
fib_semantics.c ipv4: remove the unnecessary codes in fib_info_hash_move 2015-05-02 22:17:44 -04:00
fib_trie.c fib_trie: coding style: Use pointer after check 2015-06-07 23:45:40 -07:00
fou.c fou: avoid missing unlock in failure path 2015-04-16 12:11:19 -04:00
geneve_core.c geneve_core: identify as driver library in modules description 2015-05-13 15:59:13 -04:00
gre_demux.c
gre_offload.c
icmp.c
igmp.c net: Export IGMP/MLD message validation code 2015-05-04 14:49:23 -04:00
inet_connection_sock.c tcp: improve REUSEADDR/NOREUSEADDR cohabitation 2015-05-21 18:55:32 -04:00
inet_diag.c tcp: prepare CC get_info() access from getsockopt() 2015-04-29 17:10:38 -04:00
inet_fragment.c
inet_hashtables.c tcp: connect() from bound sockets can be faster 2015-05-27 14:30:10 -04:00
inet_lro.c
inet_timewait_sock.c tcp/dccp: tw_timer_handler() is static 2015-05-13 15:21:33 -04:00
inetpeer.c
ip_forward.c ip: reject too-big defragmented DF-skb when forwarding 2015-05-25 00:08:48 -04:00
ip_fragment.c ip_fragment: don't forward defragmented DF packet 2015-05-27 13:03:31 -04:00
ip_gre.c
ip_input.c
ip_options.c
ip_output.c net: ip_fragment: remove BRIDGE_NETFILTER mtu special handling 2015-06-12 14:16:46 +02:00
ip_sockglue.c inet: add IP_BIND_ADDRESS_NO_PORT to overcome bind(0) limitations 2015-06-06 23:57:12 -07:00
ip_tunnel.c
ip_tunnel_core.c ip_tunnel: Report Rx dropped in ip_tunnel_get_stats64 2015-05-14 22:30:54 -04:00
ip_vti.c ip_vti/ip6_vti: Preserve skb->mark after rcv_cb call 2015-05-28 06:23:32 +02:00
ipcomp.c
ipconfig.c
ipip.c ipip: fix one sparse error 2015-05-17 13:08:29 -04:00
ipmr.c
netfilter.c
ping.c ipv4: Missing sk_nulls_node_init() in ping_unhash(). 2015-05-01 22:02:47 -04:00
proc.c tcp: add TCPWinProbe and TCPKeepAlive SNMP counters 2015-05-09 16:42:32 -04:00
protocol.c
raw.c Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-13 18:18:05 -04:00
route.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-05-23 01:22:35 -04:00
syncookies.c tcp: get_cookie_sock() consolidation 2015-06-07 15:19:52 -07:00
sysctl_net_ipv4.c net: limit tcp/udp rmem/wmem to SOCK_{RCV,SND}BUF_MIN 2015-05-30 17:37:44 -07:00
tcp.c net: make skb_splice_bits more configureable 2015-05-25 00:06:59 -04:00
tcp_bic.c
tcp_cdg.c tcp: add CDG congestion control 2015-06-11 00:09:12 -07:00
tcp_cong.c tcp: fix child sockets to use system default congestion control if not set 2015-05-31 21:49:14 -07:00
tcp_cubic.c
tcp_dctcp.c net: tcp: dctcp_update_alpha() fixes. 2015-06-10 23:28:33 -07:00
tcp_diag.c
tcp_fastopen.c tcp: fix a potential deadlock in tcp_get_info() 2015-05-22 13:46:06 -04:00
tcp_highspeed.c
tcp_htcp.c
tcp_hybla.c
tcp_illinois.c tcp: prepare CC get_info() access from getsockopt() 2015-04-29 17:10:38 -04:00
tcp_input.c tcp: fill shinfo->gso_size at last moment 2015-06-11 16:33:11 -07:00
tcp_ipv4.c tcp: remove redundant checks II 2015-06-07 01:55:01 -07:00
tcp_lp.c
tcp_memcontrol.c
tcp_metrics.c
tcp_minisocks.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-06-01 22:51:30 -07:00
tcp_offload.c tcp: reserve tcp_skb_mss() to tcp stack 2015-06-11 16:33:10 -07:00
tcp_output.c tcp: remove obsolete check in tcp_set_skb_tso_segs() 2015-06-11 16:33:11 -07:00
tcp_probe.c
tcp_scalable.c
tcp_timer.c tcp: introduce tcp_under_memory_pressure() 2015-05-17 22:45:48 -04:00
tcp_vegas.c tcp: prepare CC get_info() access from getsockopt() 2015-04-29 17:10:38 -04:00
tcp_vegas.h tcp: prepare CC get_info() access from getsockopt() 2015-04-29 17:10:38 -04:00
tcp_veno.c
tcp_westwood.c tcp_westwood: fix tcp_westwood_info() 2015-05-05 19:50:09 -04:00
tcp_yeah.c
tunnel4.c
udp.c ipv4/udp: Verify multicast group is ours in upd_v4_early_demux() 2015-06-04 00:46:26 -07:00
udp_diag.c
udp_impl.h
udp_offload.c
udp_tunnel.c net: Modify sk_alloc to not reference count the netns of kernel sockets. 2015-05-11 10:50:18 -04:00
udplite.c
xfrm4_input.c
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c
xfrm4_output.c
xfrm4_policy.c
xfrm4_protocol.c
xfrm4_state.c
xfrm4_tunnel.c