[patch] Source entries removing is awfully slow.
Kajetan Staszkiewicz
vegeta at tuxpowered.net
Mon Mar 11 15:05:23 UTC 2013
There are some things I find flawed in your patch:
1.
+#if 0
if (killed > 0)
pf_purge_expired_src_nodes(1);
+#endif
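Review bot: The #if 0 around the "if (killed > 0)" purge call leaves dead code behind with no comment saying why the immediate purge is being dropped. Either delete the two lines outright or add a comment stating where the killed source nodes are reclaimed instead, because as written a reader cannot tell whether skipping pf_purge_expired_src_nodes(1) is intentional or a leftover from debugging.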
This means that after using `pfctl -K` the src nodes are still around until
purged and any new states created will still use them and bump their expire
timer. This also changes behavior from DIOCCLRSRCNODES, which also performs the
purge immediately. You also moved s->src_node=s->nat_src_node=NULL code to
inside of pf_purge_expired_src_nodes, therefore I believe it should be called
immediately. If detaching state from source is done in
pf_purge_expired_src_nodes, DIOCCLRSRCNODES does not have to traverse the state
table anymore, so we achieve another performance improvement.
2.
/* Handle state to src_node linkage */
+#ifndef __FreeBSD__
if (sn->states != 0) {
RB_FOREACH(s, pf_state_tree_id,
#ifdef __FreeBSD__
&V_tree_id) {
#else
&tree_id) {
#endif
if (s->src_node == sn)
s->src_node = NULL;
if (s->nat_src_node == sn)
s->nat_src_node = NULL;
}
sn->states = 0;
}
+#endif
sn->expire = 1;
killed++;
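Review bot: The new #ifndef __FreeBSD__ guard also covers "sn->states = 0;", so on FreeBSD the node is marked with "sn->expire = 1" while its state counter is left untouched. Move the counter reset outside the guarded block, or document why a non-zero count is expected at this point. The guard also makes the inner "#ifdef __FreeBSD__ ... &V_tree_id" branch unreachable, so that inner conditional should be removed rather than kept as dead code.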
This removes a bit too much code, that is, the zeroing of the source's state counter.
Please find the next version of the patch here:
http://vegeta.tuxpowered.net/download/link-states-to-src_node-3.patch
This one also takes care of removing states linked to found sources if pfctl is
given the extra -c parameter (that can stand for "clear"; I could not find any
other free pfctl parameter better matching). Thanks to this parameter, the
default behavior is not changed.
--
| pozdrawiam / greetings | powered by Debian, CentOS and FreeBSD |
| Kajetan Staszkiewicz | jabber,email: vegeta()tuxpowered net |
| Vegeta | www: http://vegeta.tuxpowered.net |
`------------------------^---------------------------------------'