diff options
| author | rwatson <rwatson@FreeBSD.org> | 2009-06-02 18:26:17 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2009-06-02 18:26:17 +0000 |
| commit | 0f9e85844038f1065732f6e28261101bb0c61492 (patch) | |
| tree | 9f93a531fd61b5932ab6fcc38f6915b3f1a0ab60 /sys/netinet | |
| parent | 12453fdf4f537f30c14a82fa93b74dd48d24775b (diff) | |
| download | FreeBSD-src-0f9e85844038f1065732f6e28261101bb0c61492.zip FreeBSD-src-0f9e85844038f1065732f6e28261101bb0c61492.tar.gz | |
Add internal 'mac_policy_count' counter to the MAC Framework, which is a
count of the number of registered policies.
Rather than unconditionally locking sockets before passing them into MAC,
lock them in the MAC entry points only if mac_policy_count is non-zero.
This avoids locking overhead for a number of socket system calls when no
policies are registered, eliminating measurable overhead for the MAC
Framework for the socket subsystem when there are no active policies.
Possibly socket locks should be acquired by policies if they are required
for socket labels, which would further avoid locking overhead when there
are policies but they don't require labeling of sockets, or possibly
don't even implement socket controls.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/netinet')
| -rw-r--r-- | sys/netinet/ip_divert.c | 2 | ||||
| -rw-r--r-- | sys/netinet/tcp_input.c | 2 | ||||
| -rw-r--r-- | sys/netinet/tcp_syncache.c | 2 |
3 files changed, 0 insertions, 6 deletions
diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c index 5e71d4d..0894bfa4 100644 --- a/sys/netinet/ip_divert.c +++ b/sys/netinet/ip_divert.c @@ -467,9 +467,7 @@ div_output(struct socket *so, struct mbuf *m, struct sockaddr_in *sin, m->m_pkthdr.rcvif = ifa->ifa_ifp; } #ifdef MAC - SOCK_LOCK(so); mac_socket_create_mbuf(so, m); - SOCK_UNLOCK(so); #endif /* Send packet to input processing via netisr */ netisr_queue_src(NETISR_IP, (uintptr_t)so, m); diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index bbf5d8f..674c77e 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -1562,9 +1562,7 @@ tcp_do_segment(struct mbuf *m, struct tcphdr *th, struct socket *so, TCPSTAT_INC(tcps_connects); soisconnected(so); #ifdef MAC - SOCK_LOCK(so); mac_socketpeer_set_from_mbuf(m, so); - SOCK_UNLOCK(so); #endif /* Do window scaling on this connection? */ if ((tp->t_flags & (TF_RCVD_SCALE|TF_REQ_SCALE)) == diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index 8e80842..2763183 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -635,9 +635,7 @@ syncache_socket(struct syncache *sc, struct socket *lso, struct mbuf *m) goto abort2; } #ifdef MAC - SOCK_LOCK(so); mac_socketpeer_set_from_mbuf(m, so); - SOCK_UNLOCK(so); #endif inp = sotoinpcb(so); |
