From a07c59d4d1edf4cc888f69c89b024fe730ec4baa Mon Sep 17 00:00:00 2001 From: Bart De Schuymer Date: Wed, 18 Sep 2002 20:40:54 +0000 Subject: *** empty log message *** --- br-nf-bds/linux2.5/net/ipv4/netfilter/ip_tables.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'br-nf-bds') diff --git a/br-nf-bds/linux2.5/net/ipv4/netfilter/ip_tables.c b/br-nf-bds/linux2.5/net/ipv4/netfilter/ip_tables.c index f1c7016..fb50fc0 100644 --- a/br-nf-bds/linux2.5/net/ipv4/netfilter/ip_tables.c +++ b/br-nf-bds/linux2.5/net/ipv4/netfilter/ip_tables.c @@ -68,7 +68,10 @@ static DECLARE_MUTEX(ipt_mutex); #define inline #endif -/* +/* Locking is simple: we assume at worst case there will be one packet + in user context and one from bottom halves (or soft irq if Alexey's + softnet patch was applied). + We keep a set of rules for each CPU, so we can avoid write-locking them in the softirq when updating the counters and therefore only need to read-lock in the softirq; doing a write_lock_bh() in user -- cgit v1.2.3