Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750921AbVIWRsB (ORCPT ); Fri, 23 Sep 2005 13:48:01 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1750907AbVIWRsB (ORCPT ); Fri, 23 Sep 2005 13:48:01 -0400 Received: from mf00.sitadelle.com ([212.94.174.67]:48672 "EHLO smtp.cegetel.net") by vger.kernel.org with ESMTP id S1750900AbVIWRsA (ORCPT ); Fri, 23 Sep 2005 13:48:00 -0400 Message-ID: <43343FC9.5090601@cosmosbay.com> Date: Fri, 23 Sep 2005 19:47:53 +0200 From: Eric Dumazet User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: fr, en MIME-Version: 1.0 To: Harald Welte Cc: Christoph Lameter , Andi Kleen , Christoph Hellwig , "David S. Miller" , linux-kernel@vger.kernel.org, netfilter-devel@lists.netfilter.org, netdev@vger.kernel.org Subject: Re: [PATCH 0/3] netfilter : 3 patches to boost ip_tables performance References: <43308324.70403@cosmosbay.com> <200509221454.22923.ak@suse.de> <20050922125849.GA27413@infradead.org> <200509221505.05395.ak@suse.de> <4332D2D9.7090802@cosmosbay.com> <20050923171120.GO731@sunbeam.de.gnumonks.org> In-Reply-To: <20050923171120.GO731@sunbeam.de.gnumonks.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1540 Lines: 34 Harald Welte a ?crit : > On Thu, Sep 22, 2005 at 05:50:49PM +0200, Eric Dumazet wrote: > >>Christoph Lameter a ?crit : >> >>>It should really be do_set_mempolicy instead to be cleaner. I got a patch here that fixes the >>>policy layer. >>>But still I agree with Christoph that a real vmalloc_node is better. There will be no fuzzing >>>around with memory policies etc and its certainly better performance wise. >> >>vmalloc_node() should be seldom used, at driver init, or when a new >>ip_tables is loaded. If it happens to be a performance problem, then >>we can optimize it. Why should we spend days of work for a function >>that is yet to be used ? > > > I see a contradiction in your sentence. "a new ip_tables is loaded" > every time a user changes a single rule. There are numerous setups that > dynamically change the ruleset (e.g. at interface up/down point, or even > think of your typical wlan hotspot, where once a user is authorized, > he'll get different rules. > But a user changing a single rule usually calls (fork()/exec()) a program called iptables. The underlying cost of all this, plus copying the rules to user space, so that iptables change them and reload them in the kernel is far more important than an hypothetical vmalloc_node() performance problem. Eric - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/