netfilter: xt_hashlimit: perform garbage collection from process context
authorEric Dumazet <edumazet@google.com>
Thu, 24 Jul 2014 04:36:50 +0000 (06:36 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 24 Jul 2014 11:07:25 +0000 (13:07 +0200)
commit7bd8490eef9776ced7632345df5133384b6be0fe
treecb5130cc165142998ac5729e8de9b26c622bb7e1
parent5b96af7713546fca812682fed13cfad26d69fed7
netfilter: xt_hashlimit: perform garbage collection from process context

xt_hashlimit cannot be used with large hash tables, because garbage
collector is run from a timer. If table is really big, its possible
to hold cpu for more than 500 msec, which is unacceptable.

Switch to a work queue, and use proper scheduling points to remove
latencies spikes.

Later, we also could switch to a smoother garbage collection done
at lookup time, one bucket at a time...

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Florian Westphal <fw@strlen.de>
Cc: Patrick McHardy <kaber@trash.net>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/xt_hashlimit.c