Re: execution context in netfilter hooks.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Pablo Neira Ayuso <pablo@eurodev.net>
To: Giacomo <delleceste@gmail.com>
Cc: Harald Welte <laforge@netfilter.org>,
	netfilter-devel@lists.netfilter.org, Giacomo <jacum@libero.it>
Subject: Re: execution context in netfilter hooks.
Date: Tue, 13 Dec 2005 11:30:15 +0100	[thread overview]
Message-ID: <439EA2B7.8020408@eurodev.net> (raw)
In-Reply-To: <885896af0512130004n1fa1fdt@mail.gmail.com>

Giacomo wrote:
> A last question:
> 
>  you said LOCAL_OUT is on behalf of process, so it is in process
> context -> can be interrupted by timer -> the reason why code crashed!
> If so, the question would be finally clear!

Some packets traversing LOCAL_OUT can be in process context, those can
be interrupted by timers or whatever interrupt handling. But some others
can be in interrupt context because of retransmissions and other issues.
So, the affirmation: "packets in LOCAL_OUT are in process context" is bogus.

Moreover, you must also worry about preemption, eg. if preemption is
enabled one packet traversing LOCAL_OUT can be preempted by other one
from a process that has more priority. Although it is not recommended to
enable preemption in a server, you'll have to make your code
preemption-safe.

BTW, some people enable preemption in their firewalls because they don't
fully understand the concept. IMO, a firewall won't gain any advanges
from preemption since most of the work will come from interrupt context.

> LOCAL_INPUT instead should be softirq, shouldn't it? Just like
> FORWARD... so timers don't cause interruption..

That's it.

-- 
Pablo

next prev parent reply	other threads:[~2005-12-13 10:30 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-12-11 20:39 execution context in netfilter hooks Giacomo
2005-12-12 20:43 ` Harald Welte
2005-12-13  8:04   ` Giacomo
2005-12-13 10:30     ` Pablo Neira Ayuso [this message]
  -- strict thread matches above, loose matches on Subject: below --
2005-12-13  8:06 Giacomo

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=439EA2B7.8020408@eurodev.net \
    --to=pablo@eurodev.net \
    --cc=delleceste@gmail.com \
    --cc=jacum@libero.it \
    --cc=laforge@netfilter.org \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.