On Wed, 2002-02-20 at 10:28, Harald Welte wrote: > On Tue, Feb 19, 2002 at 09:56:33AM +0000, Gianni Tedesco wrote: > > Hi, > > > > Am i right in assuming match checkentry functions should be totally > > reentrant? What about on UP systems? I read in ip_tables.c (iirc) that 2 > > packets can be traversing iptables for each CPU. > > > > Currently the skip/shift tables are implemented as a global variable, > > they are too big to go on the stack. If I do one global variable per > > cpu, will this make it SMP safe? > > I haven't read the code, but why are the skip/shift tables not part of the > rule? > > all ip_tables are replicated for each cpu, resulting in the match/target > info structures within the rules also be replicated over all cpus. > > So if you kepp all data in your per-rule data structure, nothing evil should > happen.
The reason I made them seperate is that they are quite large (12KB altogether), the tables get written over for every packet each rule sees. It seems like a waste of memory to have them replicated once per rule per cpu if I could quite easily just do them once per cpu. I currently have a fix which makes them an array which i index with smp_processor_id(). If the checkentry function can be reentered on a UP machine then this will break however... Whaddya reckon? -- // Gianni Tedesco <[EMAIL PROTECTED]> 80% of all email is a figment of procmails imagination.
