On 2025-03-21 11:24:03 [+0100], Pablo Neira Ayuso wrote: > Hi Sebastian, Hi Pablo, > I have been discussing this with Florian, our proposal: > > 1. Make ipatbles legacy depend on !PREEMPT_RT which effectively > disabled iptables classic for RT. > > This should be ok, iptables-nft should work for RT. > > 2. make iptables-legacy user-selectable. > > these two are relatively simple. Okay. Let me try that. > If this does not make you happy, it should be possible to take your > patches plus hide synchronize_rcu() latency behind deferred free > (call_rcu+workqueue). I will try the suggested above and then will see who complains. But I think it should be doable to roll with nft only for future releases. > Thanks. Sebastian
