per-cpu table information

per-cpu table information

[Swapnil Nagle]

Hi all,

Why is the table information (ipt_table_info to be specific) duplicated 
for each CPU in ipt_table?
Is it required so that new rules can be added simultanously while the 
existing rules are processed ?

Regards,
Swapnil.

Re: per-cpu table information

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 712 bytes --]

On Thu, Sep 09, 2004 at 03:47:02PM +0530, Swapnil Nagle wrote:
> 
> Hi all,
> 
> Why is the table information (ipt_table_info to be specific) duplicated 
> for each CPU in ipt_table?

Because we don't need any locking and we don't have cache line ping-pong
between the CPU's, if there is no shared data.

> Regards,
> Swapnil.

-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: per-cpu table information

[David S. Miller]

On Thu, 16 Sep 2004 00:36:02 +0200
Harald Welte <laforge@netfilter.org> wrote:

> Because we don't need any locking and we don't have cache line ping-pong
> between the CPU's, if there is no shared data.

In my opinion the disadvantages (both in code complexity and table
update cost) far outweigh whatever speed gains you this obtains.

Re: per-cpu table information

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 1345 bytes --]

On Wed, Sep 15, 2004 at 03:47:38PM -0700, David S. Miller wrote:
> On Thu, 16 Sep 2004 00:36:02 +0200
> Harald Welte <laforge@netfilter.org> wrote:
> 
> > Because we don't need any locking and we don't have cache line ping-pong
> > between the CPU's, if there is no shared data.
> 
> In my opinion the disadvantages (both in code complexity and table
> update cost) far outweigh whatever speed gains you this obtains.

Table update cost is mostly harmed by the atomic replacement of the
whole table, not by one-time copying...

And iptables performance is bad enough, we don't need to make it any
worse (we have per-rule counters that need to be written to!).

Anyway, pkttables will simply have a 'matchinfo/targinfo read only'
policy (everybody who needs a writable memory needs to dynamically
allocate and do his own locking), and not have per-rule countes anymore.
This means the whole ruleset is read-only and we don't need any code
replication.

-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: per-cpu table information

[David S. Miller]

On Thu, 16 Sep 2004 09:12:02 +0200
Harald Welte <laforge@netfilter.org> wrote:

> Anyway, pkttables will simply have a 'matchinfo/targinfo read only'
> policy (everybody who needs a writable memory needs to dynamically
> allocate and do his own locking), and not have per-rule countes anymore.
> This means the whole ruleset is read-only and we don't need any code
> replication.

Sounds great.