diff options
| author | ae <ae@FreeBSD.org> | 2017-04-17 09:34:09 +0000 |
|---|---|---|
| committer | Luiz Souza <luiz@netgate.com> | 2017-07-15 11:18:39 -0500 |
| commit | 20f1059c99efbc31a8e3694dd8a9c86ebf90f4fb (patch) | |
| tree | 3b18f6f9344a89ee47c9a25e2947d26f810ba1a4 | |
| parent | 755da72db81475fcf31715ae0cecc49968b8d008 (diff) | |
| download | FreeBSD-src-20f1059c99efbc31a8e3694dd8a9c86ebf90f4fb.zip FreeBSD-src-20f1059c99efbc31a8e3694dd8a9c86ebf90f4fb.tar.gz | |
MFC r316461:
Remove "IPFW static rules" rmlock.
Make PFIL's lock global and use it for this purpose.
This reduces the number of locks needed to acquire for each packet.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D10154
(cherry picked from commit 9a21c53ccadbd5db7c683c6b68fb0d8c63b02c5f)
| -rw-r--r-- | sys/net/pfil.c | 1 | ||||
| -rw-r--r-- | sys/net/pfil.h | 4 | ||||
| -rw-r--r-- | sys/netpfil/ipfw/ip_fw2.c | 1 | ||||
| -rw-r--r-- | sys/netpfil/ipfw/ip_fw_dynamic.c | 1 | ||||
| -rw-r--r-- | sys/netpfil/ipfw/ip_fw_iface.c | 1 | ||||
| -rw-r--r-- | sys/netpfil/ipfw/ip_fw_nat.c | 1 | ||||
| -rw-r--r-- | sys/netpfil/ipfw/ip_fw_private.h | 20 | ||||
| -rw-r--r-- | sys/netpfil/ipfw/ip_fw_sockopt.c | 1 | ||||
| -rw-r--r-- | sys/netpfil/ipfw/ip_fw_table.c | 1 | ||||
| -rw-r--r-- | sys/netpfil/ipfw/ip_fw_table_value.c | 1 |
10 files changed, 18 insertions, 14 deletions
diff --git a/sys/net/pfil.c b/sys/net/pfil.c index 9b151de..a494972 100644 --- a/sys/net/pfil.c +++ b/sys/net/pfil.c @@ -62,7 +62,6 @@ LIST_HEAD(pfilheadhead, pfil_head); VNET_DEFINE(struct pfilheadhead, pfil_head_list); #define V_pfil_head_list VNET(pfil_head_list) VNET_DEFINE(struct rmlock, pfil_lock); -#define V_pfil_lock VNET(pfil_lock) /* * pfil_run_hooks() runs the specified packet filter hook chain. diff --git a/sys/net/pfil.h b/sys/net/pfil.h index ff260ce..405c122 100644 --- a/sys/net/pfil.h +++ b/sys/net/pfil.h @@ -39,6 +39,7 @@ #include <sys/lock.h> #include <sys/rmlock.h> #include <sys/sysctl.h> +#include <net/vnet.h> struct mbuf; struct ifnet; @@ -99,6 +100,9 @@ struct pfil_head { LIST_ENTRY(pfil_head) ph_list; }; +VNET_DECLARE(struct rmlock, pfil_lock); +#define V_pfil_lock VNET(pfil_lock) + /* Public functions for pfil hook management by packet filters. */ struct pfil_head *pfil_head_get(int, u_long); void pfil_head_export_sysctl(struct pfil_head *, struct sysctl_oid_list *); diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c index 664119a..5eb9390 100644 --- a/sys/netpfil/ipfw/ip_fw2.c +++ b/sys/netpfil/ipfw/ip_fw2.c @@ -992,7 +992,6 @@ ipfw_chk(struct ip_fw_args *args) int is_ipv4 = 0; int done = 0; /* flag to exit the outer loop */ - IPFW_RLOCK_TRACKER; if (m->m_flags & M_SKIP_FIREWALL || (! V_ipfw_vnet_ready)) return (IP_FW_PASS); /* accept */ diff --git a/sys/netpfil/ipfw/ip_fw_dynamic.c b/sys/netpfil/ipfw/ip_fw_dynamic.c index 95b3a72..77c98c7 100644 --- a/sys/netpfil/ipfw/ip_fw_dynamic.c +++ b/sys/netpfil/ipfw/ip_fw_dynamic.c @@ -54,6 +54,7 @@ __FBSDID("$FreeBSD$"); #include <net/ethernet.h> /* for ETHERTYPE_IP */ #include <net/if.h> #include <net/if_var.h> +#include <net/pfil.h> #include <net/vnet.h> #include <netinet/in.h> diff --git a/sys/netpfil/ipfw/ip_fw_iface.c b/sys/netpfil/ipfw/ip_fw_iface.c index b2aa7d3..beb3b91 100644 --- a/sys/netpfil/ipfw/ip_fw_iface.c +++ b/sys/netpfil/ipfw/ip_fw_iface.c @@ -50,6 +50,7 @@ __FBSDID("$FreeBSD$"); #include <sys/eventhandler.h> #include <net/if.h> #include <net/if_var.h> +#include <net/pfil.h> #include <net/vnet.h> #include <netinet/in.h> diff --git a/sys/netpfil/ipfw/ip_fw_nat.c b/sys/netpfil/ipfw/ip_fw_nat.c index cb816f7..6fa74cd 100644 --- a/sys/netpfil/ipfw/ip_fw_nat.c +++ b/sys/netpfil/ipfw/ip_fw_nat.c @@ -43,6 +43,7 @@ __FBSDID("$FreeBSD$"); #include <net/if.h> #include <net/if_var.h> +#include <net/pfil.h> #include <netinet/in.h> #include <netinet/ip.h> #include <netinet/ip_var.h> diff --git a/sys/netpfil/ipfw/ip_fw_private.h b/sys/netpfil/ipfw/ip_fw_private.h index d670a49..b6471a0 100644 --- a/sys/netpfil/ipfw/ip_fw_private.h +++ b/sys/netpfil/ipfw/ip_fw_private.h @@ -272,8 +272,6 @@ struct ip_fw_chain { void **srvstate; /* runtime service mappings */ #if defined( __linux__ ) || defined( _WIN32 ) spinlock_t rwmtx; -#else - struct rmlock rwmtx; #endif int static_len; /* total len of static rules (v0) */ uint32_t gencnt; /* NAT generation count */ @@ -414,25 +412,23 @@ struct ipfw_ifc { #define IPFW_PF_RUNLOCK(p) IPFW_RUNLOCK(p) #else /* FreeBSD */ #define IPFW_LOCK_INIT(_chain) do { \ - rm_init_flags(&(_chain)->rwmtx, "IPFW static rules", RM_RECURSE); \ rw_init(&(_chain)->uh_lock, "IPFW UH lock"); \ } while (0) #define IPFW_LOCK_DESTROY(_chain) do { \ - rm_destroy(&(_chain)->rwmtx); \ rw_destroy(&(_chain)->uh_lock); \ } while (0) -#define IPFW_RLOCK_ASSERT(_chain) rm_assert(&(_chain)->rwmtx, RA_RLOCKED) -#define IPFW_WLOCK_ASSERT(_chain) rm_assert(&(_chain)->rwmtx, RA_WLOCKED) +#define IPFW_RLOCK_ASSERT(_chain) rm_assert(&V_pfil_lock, RA_RLOCKED) +#define IPFW_WLOCK_ASSERT(_chain) rm_assert(&V_pfil_lock, RA_WLOCKED) #define IPFW_RLOCK_TRACKER struct rm_priotracker _tracker -#define IPFW_RLOCK(p) rm_rlock(&(p)->rwmtx, &_tracker) -#define IPFW_RUNLOCK(p) rm_runlock(&(p)->rwmtx, &_tracker) -#define IPFW_WLOCK(p) rm_wlock(&(p)->rwmtx) -#define IPFW_WUNLOCK(p) rm_wunlock(&(p)->rwmtx) -#define IPFW_PF_RLOCK(p) IPFW_RLOCK(p) -#define IPFW_PF_RUNLOCK(p) IPFW_RUNLOCK(p) +#define IPFW_RLOCK(p) rm_rlock(&V_pfil_lock, &_tracker) +#define IPFW_RUNLOCK(p) rm_runlock(&V_pfil_lock, &_tracker) +#define IPFW_WLOCK(p) rm_wlock(&V_pfil_lock) +#define IPFW_WUNLOCK(p) rm_wunlock(&V_pfil_lock) +#define IPFW_PF_RLOCK(p) +#define IPFW_PF_RUNLOCK(p) #endif #define IPFW_UH_RLOCK_ASSERT(_chain) rw_assert(&(_chain)->uh_lock, RA_RLOCKED) diff --git a/sys/netpfil/ipfw/ip_fw_sockopt.c b/sys/netpfil/ipfw/ip_fw_sockopt.c index 77e9779..ff33522 100644 --- a/sys/netpfil/ipfw/ip_fw_sockopt.c +++ b/sys/netpfil/ipfw/ip_fw_sockopt.c @@ -58,6 +58,7 @@ __FBSDID("$FreeBSD$"); #include <sys/syslog.h> #include <sys/fnv_hash.h> #include <net/if.h> +#include <net/pfil.h> #include <net/route.h> #include <net/vnet.h> #include <vm/vm.h> diff --git a/sys/netpfil/ipfw/ip_fw_table.c b/sys/netpfil/ipfw/ip_fw_table.c index d187211..ed500b1 100644 --- a/sys/netpfil/ipfw/ip_fw_table.c +++ b/sys/netpfil/ipfw/ip_fw_table.c @@ -53,6 +53,7 @@ __FBSDID("$FreeBSD$"); #include <sys/socketvar.h> #include <sys/queue.h> #include <net/if.h> /* ip_fw.h requires IFNAMSIZ */ +#include <net/pfil.h> #include <netinet/in.h> #include <netinet/ip_var.h> /* struct ipfw_rule_ref */ diff --git a/sys/netpfil/ipfw/ip_fw_table_value.c b/sys/netpfil/ipfw/ip_fw_table_value.c index e92a5a9..d60fc34 100644 --- a/sys/netpfil/ipfw/ip_fw_table_value.c +++ b/sys/netpfil/ipfw/ip_fw_table_value.c @@ -50,6 +50,7 @@ __FBSDID("$FreeBSD$"); #include <sys/socketvar.h> #include <sys/queue.h> #include <net/if.h> /* ip_fw.h requires IFNAMSIZ */ +#include <net/pfil.h> #include <netinet/in.h> #include <netinet/ip_var.h> /* struct ipfw_rule_ref */ |
