cvs commit: src/sys/netinet ip_fw2.c
Christian S.J. Peron
csjp at FreeBSD.org
Fri Jun 11 22:17:34 GMT 2004
csjp 2004-06-11 22:17:15 UTC
FreeBSD src repository
Modified files:
sys/netinet ip_fw2.c
Log:
Modify ip fw so that whenever UID or GID constraints exist in a
ruleset, the pcb is looked up once per ipfw_chk() activation.
This is done by extracting the required information out of the PCB
and caching it to the ipfw_chk() stack. This should greatly reduce
PCB looking contention and speed up the processing of UID/GID based
firewall rules (especially with large UID/GID rulesets).
Some very basic benchmarks were taken which compares the number
of in_pcblookup_hash(9) activations to the number of firewall
rules containing UID/GID based contraints before and after this patch.
The results can be viewed here:
o http://people.freebsd.org/~csjp/ip_fw_pcb.png
Reviewed by: andre, luigi, rwatson
Approved by: bmilekic (mentor)
Revision Changes Path
1.62 +77 -30 src/sys/netinet/ip_fw2.c
More information about the cvs-src
mailing list