From nobody Tue Jun 20 09:46:06 2023 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QlhbL4dBVz4gH50; Tue, 20 Jun 2023 09:46:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4QlhbL45Mxz3DYm; Tue, 20 Jun 2023 09:46:06 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1687254366; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0WEh6ovXEVhppYKG+W6r8pJH/I/GOqFhjAApYmGJZYc=; b=hnqnLfJGYnzrXjrV9GuLijA+cFAQXxGfuvbE5Kmy/sJQlGXK3v2RkLzLZRHoQ+XsN1kkE+ y9Ol9Xzsr3wxdvTXxv9j7W6ksJ582mDvbv5qyJpV9K4n5nU052Z9luymhZfL5nNfkoINi+ DOpD96owzCu1NOSRKufggA3V90KQKGh8A7pWydPxTWjpg2JLVHrXna0rvSlP9LGSxrici7 MZ40MaJQThqXVvj08Vten5xnyWOPsu10G6hBMvACDsQYeFtYvdg7cRJdh6cTPqQoadjiR+ v2zjDA7MrFYTwdrghxOwzwKsYYPA0nk4Ei4T/H9Q5GMSUWXe01ujzMm/hy7osg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1687254366; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0WEh6ovXEVhppYKG+W6r8pJH/I/GOqFhjAApYmGJZYc=; b=R+WNO1B1L+f2zP4Kuhmpw7dYRFD4aeg2oiGjQGAsmA02/hZjk/XAFym+qRjLMV1KRfcseS qLX8IY1Jw8I9dqNc7SCsSHSXdxkE8tMy1FBZMElQY/0bhlClbNwxmlTWQiT8LO1w96n4Y3 htwgeiERK30X9uzZJEiQxpW0cLEydT6Z973K8rlXSTJlzd3oed3hiV29uKUrpkDJhB6vwQ 95TwxzXRNNLlbc1UkAjPj1QhiP3XZ4p91lA/KAbhKPvwOuJvN1Lph5DDzdCmj9gCLrXAqu K8SkZNR8wwR5bIlqSlQgKGXCEyO0cxf/f0yQHvd9rV+fuJX+JixzEKXD3T9wAA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1687254366; a=rsa-sha256; cv=none; b=Z0EEx/+OXKKeOW2fHDZFRncHEhkyUZDSoRA30CodDrnwVYBW52fb97x7w9hb87QBNmhbeS d/zObic4u8fV7qbH2BlN17qeY6UMSYODEA9igkTNIJZJFTXJcS//FZwu/Ma0V2jwUksFSN JjCYY3BAr7M81xc+8LbubJK7LTmC7V/96jg7nqEoqSyLhIxiqgev77nEURkeOR5kUZU6Aa bHxO9720DS0L8Q+15zJt+WiFgP7aRAyyi1WIFhfPBvXtqwmb9ts+/kn2aCQPLQSz95q879 1uqIdpePqg1M4Zhh0VapSHfh/zzdh8dTm/U+sXp5yc6dQZOKu6hLvuU2c4apOQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QlhbL2m3gzvB5; Tue, 20 Jun 2023 09:46:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 35K9k6xl082565; Tue, 20 Jun 2023 09:46:06 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 35K9k6jp082564; Tue, 20 Jun 2023 09:46:06 GMT (envelope-from git) Date: Tue, 20 Jun 2023 09:46:06 GMT Message-Id: <202306200946.35K9k6jp082564@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 6983b986e194 - main - pf: allow defer timeout to be configured List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 6983b986e194d409344c0d3b1540610648df4d25 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=6983b986e194d409344c0d3b1540610648df4d25 commit 6983b986e194d409344c0d3b1540610648df4d25 Author: Kristof Provost AuthorDate: 2023-06-19 14:37:19 +0000 Commit: Kristof Provost CommitDate: 2023-06-20 09:20:26 +0000 pf: allow defer timeout to be configured Add the net.pfsync.defer_delay sysctl to allow the defer timeout (i.e. how long pf holds onto packets waiting for the peer to ack the new state) to be changed. This is intended to make testing of the defer code more robust, by allowing longer timeouts to mitigate scheduling/measurement jitter. Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/if_pfsync.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c index 67f986e6abd2..61f2dcba1767 100644 --- a/sys/netpfil/pf/if_pfsync.c +++ b/sys/netpfil/pf/if_pfsync.c @@ -281,6 +281,8 @@ struct pfsync_softc { #define PFSYNC_BUNLOCK(sc) mtx_unlock(&(sc)->sc_bulk_mtx) #define PFSYNC_BLOCK_ASSERT(sc) mtx_assert(&(sc)->sc_bulk_mtx, MA_OWNED) +#define PFSYNC_DEFER_TIMEOUT 20 + static const char pfsyncname[] = "pfsync"; static MALLOC_DEFINE(M_PFSYNC, pfsyncname, "pfsync(4) data"); VNET_DEFINE_STATIC(struct pfsync_softc *, pfsyncif) = NULL; @@ -293,6 +295,8 @@ VNET_DEFINE_STATIC(struct pfsyncstats, pfsyncstats); #define V_pfsyncstats VNET(pfsyncstats) VNET_DEFINE_STATIC(int, pfsync_carp_adj) = CARP_MAXSKEW; #define V_pfsync_carp_adj VNET(pfsync_carp_adj) +VNET_DEFINE_STATIC(unsigned int, pfsync_defer_tmo) = PFSYNC_DEFER_TIMEOUT; +#define V_pfsync_defer_tmo VNET(pfsync_defer_tmo) static void pfsync_timeout(void *); static void pfsync_push(struct pfsync_bucket *); @@ -317,6 +321,8 @@ SYSCTL_INT(_net_pfsync, OID_AUTO, carp_demotion_factor, CTLFLAG_VNET | CTLFLAG_R &VNET_NAME(pfsync_carp_adj), 0, "pfsync's CARP demotion factor adjustment"); SYSCTL_ULONG(_net_pfsync, OID_AUTO, pfsync_buckets, CTLFLAG_RDTUN, &pfsync_buckets, 0, "Number of pfsync hash buckets"); +SYSCTL_UINT(_net_pfsync, OID_AUTO, defer_delay, CTLFLAG_VNET | CTLFLAG_RW, + &VNET_NAME(pfsync_defer_tmo), 0, "Deferred packet timeout (in ms)"); static int pfsync_clone_create(struct if_clone *, int, caddr_t); static void pfsync_clone_destroy(struct ifnet *); @@ -358,7 +364,6 @@ static struct pfsync_bucket *pfsync_get_bucket(struct pfsync_softc *, struct pf_kstate *); #define PFSYNC_MAX_BULKTRIES 12 -#define PFSYNC_DEFER_TIMEOUT ((20 * hz) / 1000) VNET_DEFINE(struct if_clone *, pfsync_cloner); #define V_pfsync_cloner VNET(pfsync_cloner) @@ -1882,7 +1887,8 @@ pfsync_defer(struct pf_kstate *st, struct mbuf *m) TAILQ_INSERT_TAIL(&b->b_deferrals, pd, pd_entry); callout_init_mtx(&pd->pd_tmo, &b->b_mtx, CALLOUT_RETURNUNLOCKED); - callout_reset(&pd->pd_tmo, PFSYNC_DEFER_TIMEOUT, pfsync_defer_tmo, pd); + callout_reset(&pd->pd_tmo, (V_pfsync_defer_tmo * hz) / 1000, + pfsync_defer_tmo, pd); pfsync_push(b); PFSYNC_BUCKET_UNLOCK(b);