From: Patrick McHardy <kaber@trash.net>
To: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Cc: netfilter-devel@lists.netfilter.org, laforge@netfilter.org,
kisza@securityaudit.hu, usagi-core@linux-ipv6.org
Subject: Re: [PATCH]: 1st step to remove skb_linearize() in ip6_tables.c and optimization
Date: Thu, 24 Jun 2004 13:26:10 +0200 [thread overview]
Message-ID: <40DABA52.9070700@trash.net> (raw)
In-Reply-To: <200406240404.NAA01264@toshiba.co.jp>
Yasuyuki Kozakai wrote:
> Hi, folks,
>
> In the current kernel, skb is linearized by skb_linearize() in ip6_tables.c.
> I suggest removing this, and this patch is the 1st step to do it.
>
> To remove skb_linearize(), this patch changes the API of match() like
> ip_tables.h
I'm not sure the way iptables does it is really the right way. We call
skb_copy_bits for anything that needs to be matched after the ip_header.
Think of 100 rules matching "-p tcp --dport X". We copy the tcp header
100 times, for a total of 2000 bytes. One call to skb_linearize would
most likely be less expensive. I'm thinking about putting the copied
protocol header in the control buffer, this would reduce this extensive
copying a lot. We could also do some common preprocessing steps in one
place, like converting things to host byte order.
Comments anyone ?
Regards
Patrick
next prev parent reply other threads:[~2004-06-24 11:26 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-06-24 4:04 [PATCH]: 1st step to remove skb_linearize() in ip6_tables.c and optimization Yasuyuki Kozakai
2004-06-24 8:13 ` Andras Kis-Szabo
2004-06-24 10:12 ` Yasuyuki Kozakai
2004-06-24 10:24 ` Jozsef Kadlecsik
2004-06-24 10:35 ` Yasuyuki Kozakai
2004-06-24 11:26 ` Patrick McHardy [this message]
2004-06-24 11:50 ` Jozsef Kadlecsik
2004-06-24 13:04 ` Yasuyuki Kozakai
2004-06-24 13:25 ` Jozsef Kadlecsik
2004-06-24 13:48 ` (usagi-core 18584) " YOSHIFUJI Hideaki / 吉藤英明
2004-06-24 15:06 ` Yasuyuki Kozakai
2004-06-24 16:50 ` Patrick McHardy
2004-06-25 4:57 ` Yasuyuki Kozakai
2004-06-25 10:01 ` Jozsef Kadlecsik
2004-06-26 7:25 ` Yasuyuki Kozakai
2004-07-21 21:36 ` Harald Welte
2004-07-29 6:09 ` Yasuyuki Kozakai
2004-08-01 16:46 ` Harald Welte
2004-08-01 17:08 ` Patrick McHardy
2004-08-01 18:11 ` Harald Welte
2004-08-02 4:05 ` Yasuyuki Kozakai
2004-08-07 21:05 ` Yasuyuki Kozakai
2004-08-09 1:40 ` Yasuyuki Kozakai
2004-06-25 9:53 ` Harald Welte
2004-06-28 20:31 ` Patrick McHardy
2004-07-06 10:20 ` Patrick McHardy
2004-07-06 10:35 ` Harald Welte
2004-07-06 22:59 ` Pablo Neira
2004-07-06 23:33 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=40DABA52.9070700@trash.net \
--to=kaber@trash.net \
--cc=kisza@securityaudit.hu \
--cc=laforge@netfilter.org \
--cc=netfilter-devel@lists.netfilter.org \
--cc=usagi-core@linux-ipv6.org \
--cc=yasuyuki.kozakai@toshiba.co.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.