diff options
| author | glebius <glebius@FreeBSD.org> | 2005-12-06 10:45:49 +0000 |
|---|---|---|
| committer | glebius <glebius@FreeBSD.org> | 2005-12-06 10:45:49 +0000 |
| commit | dc6ebf59045b102756965542d314091c951d5cec (patch) | |
| tree | 7eb836f039bec05c6dc98caea30c0d2a022328d4 /sys/netinet/ip_output.c | |
| parent | e3ae9382dd2548b7117874dbbfc3c2b81ad2b41a (diff) | |
| download | FreeBSD-src-dc6ebf59045b102756965542d314091c951d5cec.zip FreeBSD-src-dc6ebf59045b102756965542d314091c951d5cec.tar.gz | |
Optimize parallel processing of ipfw(4) rulesets eliminating the locking
of the radix lookup tables. Since several rnh_lookup() can run in
parallel on the same table, we can piggyback on the shared locking
provided by ipfw(4).
However, the single entry cache in the ip_fw_table can't be used lockless,
so it is removed. This pessimizes two cases: processing of bursts of similar
packets and matching one packet against the same table several times during
one ipfw_chk() lookup. To optimize the processing of similar packet bursts
administrator should use stateful firewall. To optimize the second problem
a solution will be provided soon.
Details:
o Since we piggyback on the ipfw(4) locking, and the latter is per-chain,
the tables are moved from the global declaration to the
struct ip_fw_chain.
o The struct ip_fw_table is shrunk to one entry and thus vanished.
o All table manipulating functions are extended to accept the struct
ip_fw_chain * argument.
o All table modifing functions use IPFW_WLOCK_ASSERT().
Diffstat (limited to 'sys/netinet/ip_output.c')
0 files changed, 0 insertions, 0 deletions
