mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/include/net/netfilter
History
Vladimir Davydov dece40e848 netfilter: nf_conntrack: speed up module removal path if netns in use 
The patch introduces nf_conntrack_cleanup_net_list(), which cleanups
nf_conntrack for a list of netns and calls synchronize_net() only once
for them all. This should reduce netns destruction time.

I've measured cleanup time for 1k dummy net ns. Here are the results:

 <without the patch>
 # modprobe nf_conntrack
 # time modprobe -r nf_conntrack

 real	0m10.337s
 user	0m0.000s
 sys	0m0.376s

 <with the patch>
 # modprobe nf_conntrack
 # time modprobe -r nf_conntrack

 real    0m5.661s
 user    0m0.000s
 sys     0m0.216s

Signed-off-by: Vladimir Davydov <vdavydov@parallels.com>
Cc: Patrick McHardy <kaber@trash.net>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Acked-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		2013-03-19 17:08:31 +01:00
..
ipv4 netfilter: nf_ct_icmp: keep the ICMP ct entries longer 2009-06-08 15:53:43 +02:00
ipv6 netfilter: fix compilation when conntrack is disabled but tproxy is enabled 2011-01-12 20:25:08 +01:00
nf_conntrack.h netfilter: nf_conntrack: improve nf_conn object traceability 2012-12-03 15:06:33 +01:00
nf_conntrack_acct.h netfilter: nf_ct_acct: move initialization out of pernet_operations 2013-01-23 12:55:29 +01:00
nf_conntrack_core.h netfilter: nf_conntrack: speed up module removal path if netns in use 2013-03-19 17:08:31 +01:00
nf_conntrack_ecache.h netfilter: nf_ct_ecache: move initialization out of pernet_operations 2013-01-23 12:55:50 +01:00
nf_conntrack_expect.h netfilter: nf_ct_expect: move initialization out of pernet_operations 2013-01-23 12:55:00 +01:00
nf_conntrack_extend.h netfilter: add connlabel conntrack extension 2013-01-18 00:28:15 +01:00
nf_conntrack_helper.h netfilter: nf_ct_helper: better logging for dropped packets 2013-02-19 02:48:05 +01:00
nf_conntrack_l3proto.h netfilter: nf_conntrack: refactor l3proto support for netns 2013-01-23 14:39:20 +01:00
nf_conntrack_l4proto.h netfilter: nf_conntrack: refactor l4proto support for netns 2013-01-23 14:40:53 +01:00
nf_conntrack_labels.h netfilter: nf_ct_labels: move initialization out of pernet_operations 2013-01-23 12:56:23 +01:00
nf_conntrack_timeout.h netfilter: nf_ct_timeout: move initialization out of pernet_operations 2013-01-23 12:56:02 +01:00
nf_conntrack_timestamp.h netfilter: nf_ct_tstamp: move initialization out of pernet_operations 2013-01-23 12:55:39 +01:00
nf_conntrack_tuple.h netfilter: nf_nat: export NAT definitions to userspace 2011-12-23 14:36:43 +01:00
nf_conntrack_zones.h netfilter: nf_defrag_ipv4: fix compilation error with NF_CONNTRACK=n 2010-02-18 19:04:44 +01:00
nf_log.h treewide: use __printf not __attribute__((format(printf,...))) 2011-10-31 17:30:54 -07:00
nf_nat.h netfilter: nf_nat: Handle routing changes in MASQUERADE target 2012-12-03 15:14:20 +01:00
nf_nat_core.h netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_helper.h netfilter: nf_nat: add protoff argument to packet mangling functions 2012-08-30 03:00:13 +02:00
nf_nat_l3proto.h netfilter: ipv6: add IPv6 NAT support 2012-08-30 03:00:17 +02:00
nf_nat_l4proto.h netfilter: ipv6: add IPv6 NAT support 2012-08-30 03:00:17 +02:00
nf_queue.h netfilter: kill support for per-af queue backends 2012-12-03 15:07:48 +01:00
nf_tproxy_core.h soreuseport: TCP/IPv6 implementation 2013-01-23 13:44:01 -05:00
nfnetlink_log.h nfnetlink_log: do not expose NFULNL_COPY_DISABLED to user-space 2010-07-15 11:27:41 +02:00
nfnetlink_queue.h netfilter: fix missing symbols if CONFIG_NETFILTER_NETLINK_QUEUE_CT unset 2012-06-18 21:09:17 -07:00
xt_log.h netfilter: xt_LOG: don't use xchg() for simple assignment 2012-03-26 14:00:28 +02:00
xt_rateest.h Merge branch 'master' of /repos/git/net-next-2.6 2010-06-15 17:31:06 +02:00