From mboxrd@z Thu Jan 1 00:00:00 1970 From: Giacomo Subject: Re: execution context in netfilter hooks. Date: Tue, 13 Dec 2005 09:04:24 +0100 Message-ID: <885896af0512130004n1fa1fdt@mail.gmail.com> References: <439C8E74.9070206@libero.it> <20051212204337.GE3420@sunbeam.de.gnumonks.org> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Return-path: To: Harald Welte , Giacomo , netfilter-devel@lists.netfilter.org In-Reply-To: <20051212204337.GE3420@sunbeam.de.gnumonks.org> Content-Disposition: inline List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: netfilter-devel-bounces@lists.netfilter.org Errors-To: netfilter-devel-bounces@lists.netfilter.org List-Id: netfilter-devel.vger.kernel.org A last question: you said LOCAL_OUT is on behalf of process, so it is in process context -> can be interrupted by timer -> the reason why code crashed! If so, the question would be finally clear! LOCAL_INPUT instead should be softirq, shouldn't it? Just like FORWARD... so timers don't cause interruption.. Thanks a lot very much! Giacomo. 2005/12/12, Harald Welte : > On Sun, Dec 11, 2005 at 09:39:16PM +0100, Giacomo wrote: > > Good morning, i would like to know exactly the context of execution > > of code registered with netfilter hooks. > > > As far as I understood, the context is that of a softirq, inside a > > bottom half. Correct me if i'm wrong.. > > 'bottom half' context doesn't really exist anymore in 2.6.x, so it's > softirq. But that's only true for forwarded packets. locally-generated > packets at LOCAL_OUT are in 'kernel on behalf of process' context. > > > But is it concerned with tasklets? > > what do you mean by "is it concerned" ? > > > Is execution serialized? In other words, if packet A fr instance is > > received from the net, and then packet B immediately, is packet A > > processed entirely before packet B? Or code can be executed in > > parallel for packet A and B? > > on multiple cpu's it's fully parallel, so yes, packet A will execute the > same netfilter hook (plus attached code) on CPU1 where packet B will run > on CPU2. > > On a single CPU, Packet B will be put onto a queue (by the hardirq > handler of the network driver) until packet A's softirq processing has > finished. Then packet B will enter softirq context and pulled from that > queue. > > > Moreover: interrupts are enabled in such context, aren't they? And that > > means that also a software timer can interrupt a routine being > > executed in bottom half. > > software timers dont interrupt softirq context. (neither did the > interrupt bottom half context, when it still existed). you seem to be > confused about the kernel contexts and their interaction. > > > But software timers run with sw interrupts disabled, so a timeout > > handler for instance cannot be interrupted by a routine managing > > reception of a packet arrived on the wire. > > I think you should read some general information on how softirq and > hardirq processing work. This is not really netfilter related. > > -- > - Harald Welte http://netfilter.o= rg/ > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D > "Fragmentation is like classful addressing -- an interesting early > architectural error that shows how much experimentation was going > on while IP was being designed." -- Paul Vixie > > > -- Giacomo S. http://www.giacomos.it - - - - - - - - - - - - - - - - - - - - - - Running `IPFIRE-wall` on debian GNU/Linux http://www.giacomos.it/ipfire http://www.debian.org mailto: delleceste@gmail.com giacomo.strangolino@elettra.trieste.it jacum@libero.it - - - - - - - - - - - - - - - - - - - - - -