Re: [PATCH] netfilter: use per-cpu recursive spinlock (v6)

[Patrick McHardy]

Linus Torvalds wrote:
> Guys, this whole discussion has just been filled with crazy crap. Can 
> somebody even explain why we care so deeply about some counters for 
> something that we just _deleted_ and that have random values anyway?
>
> I can see the counters being interesting while a firewall is active, but I 
> sure don't see what's so wonderfully interesting after-the-fact about a 
> counter on something that NO LONGER EXISTS that it has to be somehow 
> "exactly right".

They're copied to userspace after replacing the ruleset, associated with
the rules that are still active after the change and then added to the
current counters in a second operation. The end result is that the
counters are accurate for rules not changed.

> Show of hands, here: tell me a single use that really _requires_ those 
> exact counters of a netfilter rule that got deleted and is no longer 
> active?

People use netfilter for accounting quite a lot. Having dynamic updates
is also not uncommon, so this might actually matter.


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/