mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-12 21:57:43 +00:00
Code Issues Releases Wiki Activity
linux-stable/net/ipv6
History
Florian Westphal 482cfc3185 netfilter: xtables: avoid percpu ruleset duplication 
We store the rule blob per (possible) cpu.  Unfortunately this means we can
waste lot of memory on big smp machines. ipt_entry structure ('rule head')
is 112 byte, so e.g. with maxcpu=64 one single rule eats
close to 8k RAM.

Since previous patch made counters percpu it appears there is nothing
left in the rule blob that needs to be percpu.

On my test system (144 possible cpus, 400k dummy rules) this
change saves close to 9 Gigabyte of RAM.

Reported-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-06-12 14:27:10 +02:00
..
netfilter netfilter: xtables: avoid percpu ruleset duplication 2015-06-12 14:27:10 +02:00
addrconf.c ipv6: Consider RTF_CACHE when searching the fib6 tree 2015-05-01 20:57:06 -04:00
addrconf_core.c ipv6: fix possible use after free of dev stats 2015-06-08 12:12:45 -07:00
addrlabel.c netlink: implement nla_put_in_addr and nla_put_in6_addr 2015-03-31 13:58:35 -04:00
af_inet6.c inet: add IP_BIND_ADDRESS_NO_PORT to overcome bind(0) limitations 2015-06-06 23:57:12 -07:00
ah6.c ipv6: coding style: comparison for equality with NULL 2015-03-31 13:51:54 -04:00
anycast.c ipv6: coding style: comparison for equality with NULL 2015-03-31 13:51:54 -04:00
datagram.c ipv6: coding style: comparison for equality with NULL 2015-03-31 13:51:54 -04:00
esp6.c esp6: Use high-order sequence number bits for IV generation 2015-05-13 09:34:54 +02:00
exthdrs.c net: Convert LIMIT_NETDEBUG to net_dbg_ratelimited 2014-11-11 14:10:31 -05:00
exthdrs_core.c ipv6: coding style: comparison for equality with NULL 2015-03-31 13:51:54 -04:00
exthdrs_offload.c
fib6_rules.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-04-06 22:34:15 -04:00
icmp.c ipv6: Remove external dependency on rt6i_gateway and RTF_ANYCAST 2015-05-25 13:25:33 -04:00
inet6_connection_sock.c net: convert syn_wait_lock to a spinlock 2015-03-23 16:52:26 -04:00
inet6_hashtables.c tcp: connect() from bound sockets can be faster 2015-05-27 14:30:10 -04:00
ip6_checksum.c
ip6_fib.c ipv6: Create percpu rt6_info 2015-05-25 13:25:35 -04:00
ip6_flowlabel.c ipv6: Flow label state ranges 2015-05-03 21:58:01 -04:00
ip6_gre.c ip6_gre: use netdev_alloc_pcpu_stats() 2015-04-22 15:39:05 -04:00
ip6_icmp.c ipv6: White-space cleansing : Line Layouts 2014-08-24 22:37:52 -07:00
ip6_input.c ipv6: Fix protocol resubmission 2015-06-08 12:13:17 -07:00
ip6_offload.c ipv6: coding style: comparison for inequality with NULL 2015-03-31 13:51:54 -04:00
ip6_offload.h
ip6_output.c ipv6: don't increase size when refragmenting forwarded ipv6 skbs 2015-05-25 17:22:23 -04:00
ip6_tunnel.c ipv6: Add rt6_get_cookie() function 2015-05-25 13:25:34 -04:00
ip6_udp_tunnel.c net: Modify sk_alloc to not reference count the netns of kernel sockets. 2015-05-11 10:50:18 -04:00
ip6_vti.c vti6: Add pmtu handling to vti6_xmit. 2015-06-01 16:03:43 -07:00
ip6mr.c netfilter: Pass socket pointer down through okfn(). 2015-04-07 15:25:55 -04:00
ipcomp6.c ipv6: White-space cleansing : Structure layouts 2014-08-24 22:37:52 -07:00
ipv6_sockglue.c ipv6: coding style: comparison for equality with NULL 2015-03-31 13:51:54 -04:00
Kconfig
Makefile net: Export IGMP/MLD message validation code 2015-05-04 14:49:23 -04:00
mcast.c netfilter: Pass socket pointer down through okfn(). 2015-04-07 15:25:55 -04:00
mcast_snoop.c net: fix two sparse warnings introduced by IGMP/MLD parsing exports 2015-05-04 19:19:54 -04:00
mip6.c net: Convert LIMIT_NETDEBUG to net_dbg_ratelimited 2014-11-11 14:10:31 -05:00
ndisc.c ipv6: Remove external dependency on rt6i_dst and rt6i_src 2015-05-25 13:25:32 -04:00
netfilter.c netfilter: bridge: forward IPv6 fragmented packets 2015-06-12 14:10:12 +02:00
output_core.c ipv6: ipv6_select_ident() returns a __be32 2015-05-25 20:27:11 -04:00
ping.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-03-09 23:38:02 -04:00
proc.c udp: Increment UDP_MIB_IGNOREDMULTI for arriving unmatched multicasts 2014-11-07 15:45:50 -05:00
protocol.c net: Export inet_offloads and inet6_offloads 2014-09-19 17:15:31 -04:00
raw.c ipv6: drop unneeded goto 2015-05-30 23:48:36 -07:00
reassembly.c ipv6: coding style: comparison for inequality with NULL 2015-03-31 13:51:54 -04:00
route.c ipv6: Create percpu rt6_info 2015-05-25 13:25:35 -04:00
sit.c ipv6: call iptunnel_xmit with NULL sock pointer if no tunnel sock is available 2015-04-08 12:09:43 -04:00
syncookies.c tcp: get_cookie_sock() consolidation 2015-06-07 15:19:52 -07:00
sysctl_net_ipv6.c ipv6: Flow label state ranges 2015-05-03 21:58:01 -04:00
tcp_ipv6.c tcp: remove redundant checks II 2015-06-07 01:55:01 -07:00
tcpv6_offload.c tcp: cleanup static functions 2015-02-28 16:56:51 -05:00
tunnel6.c ipv6: White-space cleansing : gaps between function and symbol export 2014-08-24 22:37:52 -07:00
udp.c udp: fix behavior of wrong checksums 2015-05-31 21:42:18 -07:00
udp_impl.h net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
udp_offload.c ipv6: hash net ptr into fragmentation bucket selection 2015-03-25 14:07:04 -04:00
udplite.c
xfrm6_input.c netfilter: Pass socket pointer down through okfn(). 2015-04-07 15:25:55 -04:00
xfrm6_mode_beet.c xfrm: simplify xfrm_address_t use 2015-03-31 13:58:35 -04:00
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c
xfrm6_output.c netfilter: Pass socket pointer down through okfn(). 2015-04-07 15:25:55 -04:00
xfrm6_policy.c ipv6: Add rt6_get_cookie() function 2015-05-25 13:25:34 -04:00
xfrm6_protocol.c
xfrm6_state.c ipv6: White-space cleansing : Line Layouts 2014-08-24 22:37:52 -07:00
xfrm6_tunnel.c ipv6: White-space cleansing : gaps between function and symbol export 2014-08-24 22:37:52 -07:00