shekhar.kshirsagar at gmail
Mar 21, 2006, 9:43 AM
Post #2 of 3
(302 views)
Permalink
|
|
Re: Memory scaling issues with Per CPU copy of ipt_entry tables in iptables
[In reply to]
|
|
Trying again...
It will be really helpful, if someone can provide historic perspective on this:
Thanks,
Shekhar
On 3/18/06, Shekhar Kshirsagar <shekhar.kshirsagar [at] gmail> wrote:
> iptables code (2.4/2.6), iptables implementation makes per CPU copy of
> the ipt_entry tables.
> Looking in the code, it seems that per CPU copy is really required
> only for two variables in ipt_entry structure - 'comefrom' and
> 'counters'.
>
> But further investigation reveals that, old ipchains implementation
> (ipchains_core.c) had per CPU copy of only counters instead of the
> complete structure. So it seems like there was some specific reason to
> move away from per CPU copy of just counters to per CPU copy of
> complete ipt_entry tables.
>
> Can somebody who knows history of these changes help me understand the
> implications if one wants to reduce iptables memory requirements by
> going per CPU copy of only two variables - 'comefrom' and 'counters'.
>
> Thanks,
> Shekhar
>
|
