Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754631AbZDVO6e (ORCPT ); Wed, 22 Apr 2009 10:58:34 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1752629AbZDVO6U (ORCPT ); Wed, 22 Apr 2009 10:58:20 -0400 Received: from gw1.cosmosbay.com ([212.99.114.194]:51029 "EHLO gw1.cosmosbay.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751246AbZDVO6T convert rfc822-to-8bit (ORCPT ); Wed, 22 Apr 2009 10:58:19 -0400 Message-ID: <49EF303E.9070009@cosmosbay.com> Date: Wed, 22 Apr 2009 16:57:02 +0200 From: Eric Dumazet User-Agent: Thunderbird 2.0.0.21 (Windows/20090302) MIME-Version: 1.0 To: Stephen Hemminger CC: Ingo Molnar , Linus Torvalds , Paul Mackerras , paulmck@linux.vnet.ibm.com, Evgeniy Polyakov , David Miller , kaber@trash.net, jeff.chua.linux@gmail.com, laijs@cn.fujitsu.com, jengelh@medozas.de, r000n@r000n.net, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, netdev@vger.kernel.org, benh@kernel.crashing.org, mathieu.desnoyers@polymtl.ca Subject: Re: [PATCH] netfilter: use per-cpu recursive lock (v13) References: <20090418094001.GA2369@ioremap.net> <20090418141455.GA7082@linux.vnet.ibm.com> <20090420103414.1b4c490f@nehalam> <49ECBE0A.7010303@cosmosbay.com> <18924.59347.375292.102385@cargo.ozlabs.ibm.com> <20090420215827.GK6822@linux.vnet.ibm.com> <18924.64032.103954.171918@cargo.ozlabs.ibm.com> <20090420160121.268a8226@nehalam> <20090421111541.228e977a@nehalam> <20090421193924.GA24404@elte.hu> <20090421143927.52d7d89d@nehalam> In-Reply-To: <20090421143927.52d7d89d@nehalam> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8BIT X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-1.6 (gw1.cosmosbay.com [0.0.0.0]); Wed, 22 Apr 2009 16:57:03 +0200 (CEST) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2167 Lines: 57 Stephen Hemminger a ?crit : > This version of x_tables (ip/ip6/arp) locking uses a per-cpu > recursive lock that can be nested. > > The idea for this came from an earlier version done by Eric Dumazet. > Locking is done per-cpu, the fast path locks on the current cpu > and updates counters. This reduces the contention of a > single reader lock (in 2.6.29) without the delay of synchronize_net() > (in 2.6.30-rc2). > > The mutex that was added for 2.6.30 in xt_table is unnecessary since > there already is a mutex for xt[af].mutex that is held. > > Signed-off-by: Stephen Hemminger Tested today on various machines and no problem so far tbench/oprofile results, 3.7236% cpu spent in ipt_do_table, and 0.84% used on read_lock/read_unlock c04a5c30 : /* ipt_do_table total: 217134 3.7236 */ ... 349 0.0060 :c04a5ccc: call c04ce380 <_read_lock> 23914 0.4101 :c04a5cd1: mov 0xc(%edi),%eax ... :c04a5ecb: call c04ce5f0 <_read_unlock_bh> 25279 0.4335 :c04a5ed0: cmpb $0x0,-0xd(%ebp) "iptables -L" fetches its data very fast too. 150 us on a 8 cpus machine, small firewall rules. 400-700 us on same machine, 1000 fw rules set (160000 bytes per cpu) depending on network trafic (from light to flood) Thanks > > --- > CHANGES > - reader and write now inline > - only acquire one cpu write lock at a time > - write lock pushed down into get_counters > > include/linux/netfilter/x_tables.h | 50 +++++++++++++-- > net/ipv4/netfilter/arp_tables.c | 121 ++++++++++--------------------------- > net/ipv4/netfilter/ip_tables.c | 120 +++++++++--------------------------- > net/ipv6/netfilter/ip6_tables.c | 120 ++++++++++-------------------------- > net/netfilter/x_tables.c | 55 +++++++++------- > 5 files changed, 174 insertions(+), 292 deletions(-) > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/