From nobody Tue Jan 16 08:52:03 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TDjS45Bd1z579pH; Tue, 16 Jan 2024 08:52:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TDjS415NRz4Pj2; Tue, 16 Jan 2024 08:52:04 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1705395124; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=xtZp2veFVgUfZ2HhXxpd5OQstCoI/7Ext/4CvQZvJ1w=; b=iEkLW6wAhrPPNh6nt4GJ6WWiqg3PIFPYmpVgDQnBMld/Rl/pTUEHScmazBsI+hWLoWvTLT 1otnbnuCRm0h1j3i74kD3BcwZ4ab0bU8eFFXsa9ROAjSmDMWPg5PixkEb/C5CRQ8YtQ7C7 teKB+z7cj8j8o7SPEfGrS7EJDNbtiqAY8JEH5drwvTRL5qQDau3qFbXy6CEzR2PgPqtY+G jsqQoJg/RAshlDurd0ZcsFtFnpVEqR7Et4u9kz1qRMaukAklde8NRSgrc9DROs1EmYE1rM HHhl9hskGI32OP6fGhn07R1gOPEt1pEeH0kBR5z9+CW+++ZLW+FBLjBXom4Q6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1705395124; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=xtZp2veFVgUfZ2HhXxpd5OQstCoI/7Ext/4CvQZvJ1w=; b=M1kGTEZjPvV2vRR7ivlf6tdjGsh3rJfHHMrLA3wGqlrd2AN8Fne7PT5qv/HDtMd/C73yK2 ev8RZOZC4/IBgjBy8vJHcsrRsujOc/YKOoOntuYQU8H3PYs0nBuqgQPJVAMWpiWSK4WtGB vjo2w3UsiCpkdbXDoj6orNeWSloRGy9HM8HSL6JsNMSf0YWu+d2H/A+zrA78UZm2A6KbDc vkImuihPATrU3TACu7eGtvDAs0cz4HKvozxfYKwddpfHS8Ma8srcTGgdMq1xn5FqJsZy5e qKGHeFnwC/nPkuinWIq8REtGZXGEdvb1klnK1/e3UdRsc1Rw3OxFTI8j0o4uQA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1705395124; a=rsa-sha256; cv=none; b=HKiDRAoPl4rvdbL5+ep3pLUEhOQ+elBXFbJpgnHJgndXolY1bIjrSd4DZeIq8Z5NFKv7/q MblBjJS3awXyt1GLRITchLGO5Q96KCJp8IgqsnsQEqiFclZO+qyqgkNLLXDxUL2uQIEGZ+ sLSA3V8kWUxjpZZDuOLsTS1HLYdmvK/Nd0fxUYf4rnzfTOLeJcRZYWld3Fjn1cUU2nYvgg EYdCnTPAqyvlrokqybuBMR93mCP0RgmI4PU6e5mELSA/VoydTqJXzcTVlFOCrhDY/YTiuS bCQrRmbcCoVRQS4FQHVHy9St3jNvxlv/jcbgNuKJ4Ss3TwxjHKMuEnSU7hdAAw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4TDjS36SmGzZ6l; Tue, 16 Jan 2024 08:52:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 40G8q3Jx077401; Tue, 16 Jan 2024 08:52:03 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 40G8q3RP077398; Tue, 16 Jan 2024 08:52:03 GMT (envelope-from git) Date: Tue, 16 Jan 2024 08:52:03 GMT Message-Id: <202401160852.40G8q3RP077398@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 2be6f75707b4 - main - pflow: Turn `pflowstats' statistics counters into per-CPU counters to make them mpsafe. List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 2be6f75707b489d5505d45b677120d0870b6a066 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=2be6f75707b489d5505d45b677120d0870b6a066 commit 2be6f75707b489d5505d45b677120d0870b6a066 Author: Kristof Provost AuthorDate: 2023-12-14 13:06:41 +0000 Commit: Kristof Provost CommitDate: 2024-01-16 08:45:55 +0000 pflow: Turn `pflowstats' statistics counters into per-CPU counters to make them mpsafe. The weird interactions around `pflow_flows' and `sc_gcounter' replaced by simple `pflow_flows' increment. Since the flow sequence is the 32 bits integer, the `sc_gcounter' type replaced by the type of uint32_t. Obtained from: OpenBSD Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D43116 --- sys/net/pflow.h | 2 +- sys/netpfil/pf/pflow.c | 76 +++++++++++++++++++++++++++++++++++++------------- 2 files changed, 58 insertions(+), 20 deletions(-) diff --git a/sys/net/pflow.h b/sys/net/pflow.h index 84fcf1327a17..456e3de52ab1 100644 --- a/sys/net/pflow.h +++ b/sys/net/pflow.h @@ -244,7 +244,7 @@ struct pflow_softc { unsigned int sc_maxcount4; unsigned int sc_maxcount6; unsigned int sc_maxcount_nat4; - u_int64_t sc_gcounter; + u_int32_t sc_gcounter; u_int32_t sc_sequence; struct callout sc_tmo; struct callout sc_tmo6; diff --git a/sys/netpfil/pf/pflow.c b/sys/netpfil/pf/pflow.c index ce5e8ec6547c..0000aa05ee0d 100644 --- a/sys/netpfil/pf/pflow.c +++ b/sys/netpfil/pf/pflow.c @@ -89,6 +89,7 @@ static int pflow_sendout_v5(struct pflow_softc *); static int pflow_sendout_ipfix(struct pflow_softc *, enum pflow_family_t); static int pflow_sendout_ipfix_tmpl(struct pflow_softc *); static int pflow_sendout_mbuf(struct pflow_softc *, struct mbuf *); +static int sysctl_pflowstats(SYSCTL_HANDLER_ARGS); static void pflow_timeout(void *); static void pflow_timeout6(void *); static void pflow_timeout_tmpl(void *); @@ -119,6 +120,17 @@ static int copy_nat_ipfix_4_to_m(struct pflow_ipfix_nat4 *, static const char pflowname[] = "pflow"; +enum pflowstat_counters { + pflow_flows, + pflow_packets, + pflow_onomem, + pflow_oerrors, + pflow_ncounters, +}; +struct pflowstats_ctr { + counter_u64_t c[pflow_ncounters]; +}; + /** * Locking concept * @@ -139,7 +151,7 @@ VNET_DEFINE(CK_LIST_HEAD(, pflow_softc), pflowif_list); #define V_pflowif_list VNET(pflowif_list) VNET_DEFINE(struct mtx, pflowif_list_mtx); #define V_pflowif_list_mtx VNET(pflowif_list_mtx) -VNET_DEFINE(struct pflowstats, pflowstat); +VNET_DEFINE(struct pflowstats_ctr, pflowstat); #define V_pflowstats VNET(pflowstat) #define PFLOW_LOCK(_sc) mtx_lock(&(_sc)->sc_lock) @@ -148,10 +160,16 @@ VNET_DEFINE(struct pflowstats, pflowstat); SYSCTL_NODE(_net, OID_AUTO, pflow, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "PFLOW"); -SYSCTL_STRUCT(_net_pflow, OID_AUTO, stats, CTLFLAG_VNET | CTLFLAG_RW, - &VNET_NAME(pflowstat), pflowstats, +SYSCTL_PROC(_net_pflow, OID_AUTO, stats, CTLTYPE_OPAQUE | CTLFLAG_RD | CTLFLAG_MPSAFE, + 0, 0, sysctl_pflowstats, "S,pflowstats", "PFLOW statistics (struct pflowstats, net/if_pflow.h)"); +static inline void +pflowstat_inc(enum pflowstat_counters c) +{ + counter_u64_add(V_pflowstats.c[c], 1); +} + static void vnet_pflowattach(void) { @@ -159,6 +177,9 @@ vnet_pflowattach(void) mtx_init(&V_pflowif_list_mtx, "pflow interface list mtx", NULL, MTX_DEF); V_pflow_unr = new_unrhdr(0, INT_MAX, &V_pflowif_list_mtx); + + for (int i = 0; i < pflow_ncounters; i++) + V_pflowstats.c[i] = counter_u64_alloc(M_WAITOK); } VNET_SYSINIT(vnet_pflowattach, SI_SUB_PROTO_FIREWALL, SI_ORDER_ANY, vnet_pflowattach, NULL); @@ -175,6 +196,9 @@ vnet_pflowdetach(void) MPASS(CK_LIST_EMPTY(&V_pflowif_list)); delete_unrhdr(V_pflow_unr); mtx_destroy(&V_pflowif_list_mtx); + + for (int i = 0; i < pflow_ncounters; i++) + counter_u64_free(V_pflowstats.c[i]); } VNET_SYSUNINIT(vnet_pflowdetach, SI_SUB_PROTO_FIREWALL, SI_ORDER_FOURTH, vnet_pflowdetach, NULL); @@ -538,14 +562,14 @@ pflow_get_mbuf(struct pflow_softc *sc, u_int16_t set_id) MGETHDR(m, M_NOWAIT, MT_DATA); if (m == NULL) { - V_pflowstats.pflow_onomem++; + pflowstat_inc(pflow_onomem); return (NULL); } MCLGET(m, M_NOWAIT); if ((m->m_flags & M_EXT) == 0) { m_free(m); - V_pflowstats.pflow_onomem++; + pflowstat_inc(pflow_onomem); return (NULL); } @@ -808,8 +832,7 @@ copy_flow_to_m(struct pflow_flow *flow, struct pflow_softc *sc) (sc->sc_count * sizeof(struct pflow_flow)), sizeof(struct pflow_flow), (caddr_t)flow); - if (V_pflowstats.pflow_flows == sc->sc_gcounter) - V_pflowstats.pflow_flows++; + pflowstat_inc(pflow_flows); sc->sc_gcounter++; sc->sc_count++; @@ -839,8 +862,7 @@ copy_flow_ipfix_4_to_m(struct pflow_ipfix_flow4 *flow, struct pflow_softc *sc) (sc->sc_count4 * sizeof(struct pflow_ipfix_flow4)), sizeof(struct pflow_ipfix_flow4), (caddr_t)flow); - if (V_pflowstats.pflow_flows == sc->sc_gcounter) - V_pflowstats.pflow_flows++; + pflowstat_inc(pflow_flows); sc->sc_gcounter++; sc->sc_count4++; @@ -869,8 +891,7 @@ copy_flow_ipfix_6_to_m(struct pflow_ipfix_flow6 *flow, struct pflow_softc *sc) (sc->sc_count6 * sizeof(struct pflow_ipfix_flow6)), sizeof(struct pflow_ipfix_flow6), (caddr_t)flow); - if (V_pflowstats.pflow_flows == sc->sc_gcounter) - V_pflowstats.pflow_flows++; + pflowstat_inc(pflow_flows); sc->sc_gcounter++; sc->sc_count6++; @@ -905,10 +926,9 @@ copy_nat_ipfix_4_to_m(struct pflow_ipfix_nat4 *nat, const struct pf_kstate *st, sizeof(struct pflow_ipfix_nat4), (caddr_t)nat); sc->sc_count_nat4++; - if (V_pflowstats.pflow_flows == sc->sc_gcounter) - V_pflowstats.pflow_flows++; - + pflowstat_inc(pflow_flows); sc->sc_gcounter++; + if (sc->sc_count_nat4 >= sc->sc_maxcount_nat4) ret = pflow_sendout_ipfix(sc, PFLOW_NAT4); @@ -1116,7 +1136,7 @@ pflow_sendout_v5(struct pflow_softc *sc) sc->sc_mbuf = NULL; - V_pflowstats.pflow_packets++; + pflowstat_inc(pflow_packets); h = mtod(m, struct pflow_header *); h->count = htons(sc->sc_count); @@ -1178,14 +1198,15 @@ pflow_sendout_ipfix(struct pflow_softc *sc, enum pflow_family_t af) panic("Unsupported AF %d", af); } - V_pflowstats.pflow_packets++; + pflowstat_inc(pflow_packets); + set_hdr = mtod(m, struct pflow_set_header *); set_hdr->set_length = htons(set_length); /* populate pflow_header */ M_PREPEND(m, sizeof(struct pflow_v10_header), M_NOWAIT); if (m == NULL) { - V_pflowstats.pflow_onomem++; + pflowstat_inc(pflow_onomem); return (ENOBUFS); } h10 = mtod(m, struct pflow_v10_header *); @@ -1215,12 +1236,12 @@ pflow_sendout_ipfix_tmpl(struct pflow_softc *sc) m_copyback(m, 0, sizeof(struct pflow_ipfix_tmpl), (caddr_t)&sc->sc_tmpl_ipfix); - V_pflowstats.pflow_packets++; + pflowstat_inc(pflow_packets); /* populate pflow_header */ M_PREPEND(m, sizeof(struct pflow_v10_header), M_NOWAIT); if (m == NULL) { - V_pflowstats.pflow_onomem++; + pflowstat_inc(pflow_onomem); return (ENOBUFS); } h10 = mtod(m, struct pflow_v10_header *); @@ -1249,6 +1270,23 @@ pflow_sendout_mbuf(struct pflow_softc *sc, struct mbuf *m) return (sosend(sc->so, sc->sc_flowdst, NULL, m, NULL, 0, curthread)); } +static int +sysctl_pflowstats(SYSCTL_HANDLER_ARGS) +{ + struct pflowstats pflowstats; + + pflowstats.pflow_flows = + counter_u64_fetch(V_pflowstats.c[pflow_flows]); + pflowstats.pflow_packets = + counter_u64_fetch(V_pflowstats.c[pflow_packets]); + pflowstats.pflow_onomem = + counter_u64_fetch(V_pflowstats.c[pflow_onomem]); + pflowstats.pflow_oerrors = + counter_u64_fetch(V_pflowstats.c[pflow_oerrors]); + + return (sysctl_handle_opaque(oidp, &pflowstats, sizeof(pflowstats), req)); +} + static int pflow_nl_list(struct nlmsghdr *hdr, struct nl_pstate *npt) {