Anatol Pomozov <anatol.pomo...@gmail.com> wrote:
> Or maybe xt_replace_table() can be enhanced? When I hear that
> something waits until an event happens on all CPUs I think about
> wait_event() function. Would it be better for xt_replace_table() to
> introduce an atomic counter that is decremented by CPUs, and the main
> CPU waits until the counter gets zero?

That would mean placing an additional atomic op into the iptables evaluation path (ipt_do_table and friends). Only alternative I see that might work is synchronize_rcu (the _do_table functions are called with rcu read lock held). I guess current scheme is cheaper though.