Re: Broken commit: [NETFILTER]: ipt_REJECT: remove largely duplicate route_reverse function
From: David Miller <davem@davemloft.net>
Date: 2006-12-12 01:34:00
Also in:
lkml, netfilter-devel
Possibly related (same subject, not in this thread)
- 2006-11-30 · Re: Broken commit: [NETFILTER]: ipt_REJECT: remove largely duplicate route_reverse function · Jarek Poplawski <hidden>
- 2006-11-29 · Re: Broken commit: [NETFILTER]: ipt_REJECT: remove largely duplicate route_reverse function · Krzysztof Halasa <khc@pm.waw.pl>
- 2006-11-29 · Re: Broken commit: [NETFILTER]: ipt_REJECT: remove largely duplicate route_reverse function · Krzysztof Halasa <khc@pm.waw.pl>
- 2006-11-28 · Re: Broken commit: [NETFILTER]: ipt_REJECT: remove largely duplicate route_reverse function · Patrick McHardy <hidden>
- 2006-11-28 · Re: Broken commit: [NETFILTER]: ipt_REJECT: remove largely duplicate route_reverse function · Krzysztof Halasa <khc@pm.waw.pl>
From: Herbert Xu <herbert@gondor.apana.org.au> Date: Fri, 1 Dec 2006 15:37:55 +1100
So in general when allocating packets we have two scenarios: 1) The dst is known and fixed, i.e., all datagram protocols. This is the easy case where the headroom is known exactly beforehand. 2) The dst is unknown or may vary, this includes TCP, SCTP and DCCP. This is where we currently use MAX_HEADER plus some protocol-specific headroom. Right now the normal (non-IPsec) dst output path always checks for sufficient headroom and reallocates if necessary (ip_finish_output2). I propose that we make IPsec do the same thing.
Agreed.
For standard MTU-sized packets this discussion is moot since we have 2K of memory in each chunk. However, for ACKs it could save a bit of memory.
For linear MTU-sized SKBs yes, but TCP data packets are going out %99 of the time with paged data these days and thus suffers from the same set of issues and potential savings.