de-virtualize pf sysctls
Mikolaj Golub
trociny at FreeBSD.org
Wed Jun 12 18:51:56 UTC 2013
On Sat, Jun 08, 2013 at 04:50:32PM +0200, Nikos Vassiliadis wrote:
> On 06/08/2013 04:11 PM, Nikos Vassiliadis wrote:
> > Hi,
> >
> > Please review this patch. These two variables are RO-tunables and
> > cannot be changed at runtime. As such, it is not useful to
> > virtualize them.
This looks correct to me. Also, it looks like V_pf_hashmask and
V_pf_srchashmask can be de-virtualized then.
>
> Sorry for the noise,
>
> I missed something in the previous patch.
>
>
>
> Index: sys/netpfil/pf/pf.c
> ===================================================================
> --- sys/netpfil/pf/pf.c (revision 251514)
> +++ sys/netpfil/pf/pf.c (working copy)
> @@ -359,15 +359,13 @@ VNET_DEFINE(u_long, pf_srchashmask);
>
> SYSCTL_NODE(_net, OID_AUTO, pf, CTLFLAG_RW, 0, "pf(4)");
>
> -VNET_DEFINE(u_long, pf_hashsize);
> -#define V_pf_hashsize VNET(pf_hashsize)
> -SYSCTL_VNET_UINT(_net_pf, OID_AUTO, states_hashsize, CTLFLAG_RDTUN,
> - &VNET_NAME(pf_hashsize), 0, "Size of pf(4) states hashtable");
> +static u_long pf_hashsize;
> +static u_long pf_srchashsize;
>
> -VNET_DEFINE(u_long, pf_srchashsize);
> -#define V_pf_srchashsize VNET(pf_srchashsize)
> -SYSCTL_VNET_UINT(_net_pf, OID_AUTO, source_nodes_hashsize, CTLFLAG_RDTUN,
> - &VNET_NAME(pf_srchashsize), 0, "Size of pf(4) source nodes hashtable");
> +SYSCTL_UINT(_net_pf, OID_AUTO, states_hashsize, CTLFLAG_RDTUN,
> + &pf_hashsize, 0, "Size of pf(4) states hashtable");
> +SYSCTL_UINT(_net_pf, OID_AUTO, source_nodes_hashsize, CTLFLAG_RDTUN,
> + &pf_srchashsize, 0, "Size of pf(4) source nodes hashtable");
>
> VNET_DEFINE(void *, pf_swi_cookie);
>
> @@ -698,12 +696,12 @@ pf_initialize()
> struct pf_srchash *sh;
> u_int i;
>
> - TUNABLE_ULONG_FETCH("net.pf.states_hashsize", &V_pf_hashsize);
> - if (V_pf_hashsize == 0 || !powerof2(V_pf_hashsize))
> - V_pf_hashsize = PF_HASHSIZ;
> - TUNABLE_ULONG_FETCH("net.pf.source_nodes_hashsize", &V_pf_srchashsize);
> - if (V_pf_srchashsize == 0 || !powerof2(V_pf_srchashsize))
> - V_pf_srchashsize = PF_HASHSIZ / 4;
> + TUNABLE_ULONG_FETCH("net.pf.states_hashsize", &pf_hashsize);
> + if (pf_hashsize == 0 || !powerof2(pf_hashsize))
> + pf_hashsize = PF_HASHSIZ;
> + TUNABLE_ULONG_FETCH("net.pf.source_nodes_hashsize", &pf_srchashsize);
> + if (pf_srchashsize == 0 || !powerof2(pf_srchashsize))
> + pf_srchashsize = PF_HASHSIZ / 4;
>
> V_pf_hashseed = arc4random();
>
> @@ -717,11 +715,11 @@ pf_initialize()
> V_pf_state_key_z = uma_zcreate("pf state keys",
> sizeof(struct pf_state_key), pf_state_key_ctor, NULL, NULL, NULL,
> UMA_ALIGN_PTR, 0);
> - V_pf_keyhash = malloc(V_pf_hashsize * sizeof(struct pf_keyhash),
> + V_pf_keyhash = malloc(pf_hashsize * sizeof(struct pf_keyhash),
> M_PFHASH, M_WAITOK | M_ZERO);
> - V_pf_idhash = malloc(V_pf_hashsize * sizeof(struct pf_idhash),
> + V_pf_idhash = malloc(pf_hashsize * sizeof(struct pf_idhash),
> M_PFHASH, M_WAITOK | M_ZERO);
> - V_pf_hashmask = V_pf_hashsize - 1;
> + V_pf_hashmask = pf_hashsize - 1;
> for (i = 0, kh = V_pf_keyhash, ih = V_pf_idhash; i <= V_pf_hashmask;
> i++, kh++, ih++) {
> mtx_init(&kh->lock, "pf_keyhash", NULL, MTX_DEF);
> @@ -735,9 +733,9 @@ pf_initialize()
> V_pf_limits[PF_LIMIT_SRC_NODES].zone = V_pf_sources_z;
> uma_zone_set_max(V_pf_sources_z, PFSNODE_HIWAT);
> uma_zone_set_warning(V_pf_sources_z, "PF source nodes limit reached");
> - V_pf_srchash = malloc(V_pf_srchashsize * sizeof(struct pf_srchash),
> + V_pf_srchash = malloc(pf_srchashsize * sizeof(struct pf_srchash),
> M_PFHASH, M_WAITOK|M_ZERO);
> - V_pf_srchashmask = V_pf_srchashsize - 1;
> + V_pf_srchashmask = pf_srchashsize - 1;
> for (i = 0, sh = V_pf_srchash; i <= V_pf_srchashmask; i++, sh++)
> mtx_init(&sh->lock, "pf_srchash", NULL, MTX_DEF);
>
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
--
Mikolaj Golub
More information about the freebsd-pf
mailing list