We have a customer claiming that iptables-nft takes too long to list rules from container on big systems. So we remove global nfnl_lock from read code paths and replace it with rcu to improve perfomane for that case.
https://virtuozzo.atlassian.net/browse/PSBM-150147 Signed-off-by: Pavel Tikhomirov <ptikhomi...@virtuozzo.com> Florian Westphal (2): netfilter: nf_tables: use call_rcu in netlink dumps netfilter: nf_tables: fix oops during rule dump Pavel Tikhomirov (1): netfilter: nf_tables: use list_entry_rcu in nft_do_chain net/netfilter/nf_tables_api.c | 154 +++++++++++++++++++++------------ net/netfilter/nf_tables_core.c | 2 +- 2 files changed, 98 insertions(+), 58 deletions(-) -- 2.41.0 _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel
