Stephen Hemminger 784544739a netfilter: iptables: lock free counters ... The reader/writer lock in ip_tables is acquired in the critical path of processing packets and is one of the reasons just loading iptables can cause a 20% performance loss. The rwlock serves two functions: 1) it prevents changes to table state (xt_replace) while table is in use. This is now handled by doing rcu on the xt_table. When table is replaced, the new table(s) are put in and the old one table(s) are freed after RCU period. 2) it provides synchronization when accesing the counter values. This is now handled by swapping in new table_info entries for each cpu then summing the old values, and putting the result back onto one cpu. On a busy system it may cause sampling to occur at different times on each cpu, but no packet/byte counts are lost in the process. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Sucessfully tested on my dual quad core machine too, but iptables only (no ipv6 here) BTW, my new "tbench 8" result is 2450 MB/s, (it was 2150 MB/s not so long ago) Acked-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: Patrick McHardy <kaber@trash.net>		2009-02-20 10:35:32 +01:00
..
arp_tables.c	netfilter: iptables: lock free counters	2009-02-20 10:35:32 +01:00
arpt_mangle.c	netfilter: xtables: move extension arguments into compound structure (5/6)	2008-10-08 11:35:19 +02:00
arptable_filter.c	netfilter: x_tables: remove unneeded initializations	2009-02-18 16:30:20 +01:00
ip_queue.c	netns: Use net_eq() to compare net-namespaces for optimization.	2008-07-19 22:34:43 -07:00
ip_tables.c	netfilter: iptables: lock free counters	2009-02-20 10:35:32 +01:00
ipt_addrtype.c	netfilter: netns-aware ipt_addrtype	2008-11-04 14:21:48 +01:00
ipt_ah.c	netfilter: xtables: move extension arguments into compound structure (2/6)	2008-10-08 11:35:18 +02:00
ipt_CLUSTERIP.c	net: replace NIPQUAD() in net/ipv4/netfilter/	2008-10-31 00:53:08 -07:00
ipt_ecn.c	netfilter: xtables: move extension arguments into compound structure (2/6)	2008-10-08 11:35:18 +02:00
ipt_ECN.c	netfilter: xtables: move extension arguments into compound structure (5/6)	2008-10-08 11:35:19 +02:00
ipt_LOG.c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6	2008-12-28 12:49:40 -08:00
ipt_MASQUERADE.c	netfilter: xtables: move extension arguments into compound structure (5/6)	2008-10-08 11:35:19 +02:00
ipt_NETMAP.c	netfilter: xtables: move extension arguments into compound structure (5/6)	2008-10-08 11:35:19 +02:00
ipt_REDIRECT.c	netfilter: xtables: move extension arguments into compound structure (5/6)	2008-10-08 11:35:19 +02:00
ipt_REJECT.c	netfilter: xtables: move extension arguments into compound structure (5/6)	2008-10-08 11:35:19 +02:00
ipt_ULOG.c	netfilter: xtables: move extension arguments into compound structure (5/6)	2008-10-08 11:35:19 +02:00
iptable_filter.c	netfilter: x_tables: remove unneeded initializations	2009-02-18 16:30:20 +01:00
iptable_mangle.c	netfilter: x_tables: remove unneeded initializations	2009-02-18 16:30:20 +01:00
iptable_raw.c	netfilter: x_tables: remove unneeded initializations	2009-02-18 16:30:20 +01:00
iptable_security.c	netfilter: x_tables: remove unneeded initializations	2009-02-18 16:30:20 +01:00
Kconfig	netfilter: xtables: add backward-compat options	2009-02-19 11:16:03 +01:00
Makefile	netfilter: Combine ipt_ttl and ip6t_hl source	2009-02-18 18:39:31 +01:00
nf_conntrack_l3proto_ipv4_compat.c	cpumask: prepare for iterators to only go to nr_cpu_ids/nr_cpumask_bits: net	2008-12-29 22:44:47 -08:00
nf_conntrack_l3proto_ipv4.c	netfilter 01/09: remove "happy cracking" message	2009-01-12 21:18:33 -08:00
nf_conntrack_proto_icmp.c	netfilter 06/09: nf_conntrack: fix ICMP/ICMPv6 timeout sysctls on big-endian	2009-01-12 21:18:35 -08:00
nf_defrag_ipv4.c	netfilter: restore lost #ifdef guarding defrag exception	2008-10-14 11:56:59 -07:00
nf_nat_amanda.c	[NETFILTER]: remove unneeded rcu_dereference() calls	2007-11-07 04:08:23 -08:00
nf_nat_core.c	netfilter: ctnetlink: remove bogus module dependency between ctnetlink and nf_nat	2008-10-14 11:58:31 -07:00
nf_nat_ftp.c	[NETFILTER]: remove unneeded rcu_dereference() calls	2007-11-07 04:08:23 -08:00
nf_nat_h323.c	net: replace NIPQUAD() in net/ipv4/netfilter/	2008-10-31 00:53:08 -07:00
nf_nat_helper.c	netfilter: netns nf_conntrack: pass conntrack to nf_conntrack_event_cache() not skb	2008-10-08 11:35:07 +02:00
nf_nat_irc.c	net: replace NIPQUAD() in net/ipv4/netfilter/	2008-10-31 00:53:08 -07:00
nf_nat_pptp.c	netfilter: netns nat: PPTP NAT in netns	2008-10-08 11:35:11 +02:00
nf_nat_proto_common.c	nf_nat: use secure_ipv4_port_ephemeral() for NAT port randomization	2008-08-18 21:32:32 -07:00
nf_nat_proto_dccp.c	[NETFILTER]: nf_conntrack: const annotations in nf_conntrack_sctp, nf_nat_proto_gre	2008-04-14 11:15:54 +02:00
nf_nat_proto_gre.c	[NETFILTER]: nf_conntrack: const annotations in nf_conntrack_sctp, nf_nat_proto_gre	2008-04-14 11:15:54 +02:00
nf_nat_proto_icmp.c	[NETFILTER]: nf_nat: use bool type in nf_nat_proto	2008-04-14 11:15:53 +02:00
nf_nat_proto_sctp.c	sctp: remove unnecessary byteshifting, calculate directly in big-endian	2008-07-18 23:07:09 -07:00
nf_nat_proto_tcp.c	[NETFILTER]: nf_nat: use bool type in nf_nat_proto	2008-04-14 11:15:53 +02:00
nf_nat_proto_udp.c	[NETFILTER]: nf_nat: use bool type in nf_nat_proto	2008-04-14 11:15:53 +02:00
nf_nat_proto_udplite.c	[NETFILTER]: nf_nat: use bool type in nf_nat_proto	2008-04-14 11:15:53 +02:00
nf_nat_proto_unknown.c	[NETFILTER]: nf_nat: use bool type in nf_nat_proto	2008-04-14 11:15:53 +02:00
nf_nat_rule.c	netfilter: x_tables: remove unneeded initializations	2009-02-18 16:30:20 +01:00
nf_nat_sip.c	net: replace NIPQUAD() in net/ipv4/netfilter/	2008-10-31 00:53:08 -07:00
nf_nat_snmp_basic.c	net: replace uses of __constant_{endian}	2009-02-01 00:45:17 -08:00
nf_nat_standalone.c	[NETFILTER]: nf_nat: kill helper and seq_adjust hooks	2008-04-14 11:15:52 +02:00
nf_nat_tftp.c	[NETFILTER]: nf_{conntrack,nat}_tftp: annotate TFTP helper with const	2008-01-31 19:28:08 -08:00