diff options
| -rw-r--r-- | br-nf-bds/linux2.5/net/ipv4/netfilter/ip_tables.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/br-nf-bds/linux2.5/net/ipv4/netfilter/ip_tables.c b/br-nf-bds/linux2.5/net/ipv4/netfilter/ip_tables.c index f1c7016..fb50fc0 100644 --- a/br-nf-bds/linux2.5/net/ipv4/netfilter/ip_tables.c +++ b/br-nf-bds/linux2.5/net/ipv4/netfilter/ip_tables.c @@ -68,7 +68,10 @@ static DECLARE_MUTEX(ipt_mutex); #define inline #endif -/* +/* Locking is simple: we assume at worst case there will be one packet + in user context and one from bottom halves (or soft irq if Alexey's + softnet patch was applied). + We keep a set of rules for each CPU, so we can avoid write-locking them in the softirq when updating the counters and therefore only need to read-lock in the softirq; doing a write_lock_bh() in user |