svn commit: r236561 - in projects/pf/head: contrib/pf/man contrib/pf/pfctl sys/contrib/pf/net

Gleb Smirnoff glebius at FreeBSD.org
Mon Jun 4 13:41:23 UTC 2012 

Author: glebius
Date: Mon Jun  4 13:41:22 2012
New Revision: 236561
URL: http://svn.freebsd.org/changeset/base/236561

Log:
  - Remove table zone and assiciated limit, tables are created only
    when user configures pf(4), no reason for separate zone and limit.
  - Catch up with r236364 to head: initialize kcounters zone.
  - Make kentry and kcounters zone private to pf_table.c

Modified:
  projects/pf/head/contrib/pf/man/pf.4
  projects/pf/head/contrib/pf/pfctl/pfctl.c
  projects/pf/head/sys/contrib/pf/net/pf.c
  projects/pf/head/sys/contrib/pf/net/pf_ioctl.c
  projects/pf/head/sys/contrib/pf/net/pf_table.c
  projects/pf/head/sys/contrib/pf/net/pfvar.h

Modified: projects/pf/head/contrib/pf/man/pf.4
==============================================================================
--- projects/pf/head/contrib/pf/man/pf.4	Mon Jun  4 12:49:21 2012	(r236560)
+++ projects/pf/head/contrib/pf/man/pf.4	Mon Jun  4 13:41:22 2012	(r236561)
@@ -28,7 +28,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd May 29 2012
+.Dd June 4 2012
 .Dt PF 4
 .Os
 .Sh NAME
@@ -492,7 +492,7 @@ struct pfioc_limit {
 };
 
 enum	{ PF_LIMIT_STATES, PF_LIMIT_SRC_NODES, PF_LIMIT_FRAGS,
-	  PF_LIMIT_TABLES, PF_LIMIT_TABLE_ENTRIES, PF_LIMIT_MAX };
+	  PF_LIMIT_TABLE_ENTRIES, PF_LIMIT_MAX };
 .Ed
 .It Dv DIOCGETLIMIT Fa "struct pfioc_limit *pl"
 Get the hard

Modified: projects/pf/head/contrib/pf/pfctl/pfctl.c
==============================================================================
--- projects/pf/head/contrib/pf/pfctl/pfctl.c	Mon Jun  4 12:49:21 2012	(r236560)
+++ projects/pf/head/contrib/pf/pfctl/pfctl.c	Mon Jun  4 13:41:22 2012	(r236561)
@@ -144,7 +144,6 @@ static const struct {
 	{ "states",		PF_LIMIT_STATES },
 	{ "src-nodes",		PF_LIMIT_SRC_NODES },
 	{ "frags",		PF_LIMIT_FRAGS },
-	{ "tables",		PF_LIMIT_TABLES },
 	{ "table-entries",	PF_LIMIT_TABLE_ENTRIES },
 	{ NULL,			0 }
 };
@@ -1581,7 +1580,6 @@ pfctl_init_options(struct pfctl *pf)
 	pf->limit[PF_LIMIT_STATES] = PFSTATE_HIWAT;
 	pf->limit[PF_LIMIT_FRAGS] = PFFRAG_FRENT_HIWAT;
 	pf->limit[PF_LIMIT_SRC_NODES] = PFSNODE_HIWAT;
-	pf->limit[PF_LIMIT_TABLES] = PFR_KTABLE_HIWAT;
 	pf->limit[PF_LIMIT_TABLE_ENTRIES] = PFR_KENTRY_HIWAT;
 
 	mib[0] = CTL_HW;

Modified: projects/pf/head/sys/contrib/pf/net/pf.c
==============================================================================
--- projects/pf/head/sys/contrib/pf/net/pf.c	Mon Jun  4 12:49:21 2012	(r236560)
+++ projects/pf/head/sys/contrib/pf/net/pf.c	Mon Jun  4 13:41:22 2012	(r236561)
@@ -714,16 +714,6 @@ pf_initialize()
 	/* Unlinked, but may be referenced rules. */
 	TAILQ_INIT(&V_pf_unlinked_rules);
 	mtx_init(&pf_unlnkdrules_mtx, "pf unlinked rules", NULL, MTX_DEF);
-
-	/* XXXGL: sort this out */
-	V_pfr_ktable_z = uma_zcreate("pf tables",
-	    sizeof(struct pfr_ktable), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR,
-	    0);
-	V_pf_limits[PF_LIMIT_TABLES].zone = V_pfr_ktable_z;
-	V_pfr_kentry_z = uma_zcreate("pf table entries",
-	    sizeof(struct pfr_kentry), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR,
-	    0);
-	V_pf_limits[PF_LIMIT_TABLE_ENTRIES].zone = V_pfr_kentry_z;
 }
 
 void
@@ -765,8 +755,6 @@ pf_cleanup()
 	uma_zdestroy(V_pf_sources_z);
 	uma_zdestroy(V_pf_state_z);
 	uma_zdestroy(V_pf_state_key_z);
-	uma_zdestroy(V_pfr_ktable_z);
-	uma_zdestroy(V_pfr_kentry_z);
 }
 
 static int

Modified: projects/pf/head/sys/contrib/pf/net/pf_ioctl.c
==============================================================================
--- projects/pf/head/sys/contrib/pf/net/pf_ioctl.c	Mon Jun  4 12:49:21 2012	(r236560)
+++ projects/pf/head/sys/contrib/pf/net/pf_ioctl.c	Mon Jun  4 13:41:22 2012	(r236561)
@@ -250,14 +250,12 @@ pfattach(void)
 	int error;
 
 	pf_initialize();
+	pfr_initialize();
 	pfi_initialize();
 	pf_normalize_init();
 
 	V_pf_limits[PF_LIMIT_STATES].limit = PFSTATE_HIWAT;
 	V_pf_limits[PF_LIMIT_SRC_NODES].limit = PFSNODE_HIWAT;
-	V_pf_limits[PF_LIMIT_TABLES].limit = PFR_KTABLE_HIWAT;
-	V_pf_limits[PF_LIMIT_TABLE_ENTRIES].zone = V_pfr_kentry_z;
-	V_pf_limits[PF_LIMIT_TABLE_ENTRIES].limit = PFR_KENTRY_HIWAT;
 
 	RB_INIT(&V_pf_anchors);
 	pf_init_ruleset(&pf_main_ruleset);
@@ -3782,6 +3780,7 @@ pf_unload(void)
 	}
 	pf_normalize_cleanup();
 	pfi_cleanup();
+	pfr_cleanup();
 	pf_osfp_flush();
 	pf_cleanup();
 	PF_RULES_WUNLOCK();

Modified: projects/pf/head/sys/contrib/pf/net/pf_table.c
==============================================================================
--- projects/pf/head/sys/contrib/pf/net/pf_table.c	Mon Jun  4 12:49:21 2012	(r236560)
+++ projects/pf/head/sys/contrib/pf/net/pf_table.c	Mon Jun  4 13:41:22 2012	(r236561)
@@ -118,10 +118,11 @@ struct pfr_walktree {
 
 #define	senderr(e)	do { rv = (e); goto _bad; } while (0)
 
-VNET_DEFINE(uma_zone_t,			pfr_ktable_z);
-VNET_DEFINE(uma_zone_t,			pfr_kentry_z);
-VNET_DEFINE(uma_zone_t,			pfr_kcounters_z);
-#define	V_pfr_kcounters_z		VNET(pfr_kcounters_z)
+static MALLOC_DEFINE(M_PFTABLE, "pf(4) table", "pf(4) tables structures");
+static VNET_DEFINE(uma_zone_t, pfr_kentry_z);
+#define	V_pfr_kentry_z		VNET(pfr_kentry_z)
+static VNET_DEFINE(uma_zone_t, pfr_kcounters_z);
+#define	V_pfr_kcounters_z	VNET(pfr_kcounters_z)
 
 static struct pf_addr	 pfr_ffaddr = {
 	.addr32 = { 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff }
@@ -185,6 +186,28 @@ struct pfr_ktablehead	 pfr_ktables;
 struct pfr_table	 pfr_nulltable;
 int			 pfr_ktable_cnt;
 
+void
+pfr_initialize(void)
+{
+
+	V_pfr_kentry_z = uma_zcreate("pf table entries",
+	    sizeof(struct pfr_kentry), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR,
+	    0);
+	V_pfr_kcounters_z = uma_zcreate("pf table counters",
+	    sizeof(struct pfr_kcounters), NULL, NULL, NULL, NULL,
+	    UMA_ALIGN_PTR, 0);
+	V_pf_limits[PF_LIMIT_TABLE_ENTRIES].zone = V_pfr_kentry_z;
+	V_pf_limits[PF_LIMIT_TABLE_ENTRIES].limit = PFR_KENTRY_HIWAT;
+}
+
+void
+pfr_cleanup(void)
+{
+
+	uma_zdestroy(V_pfr_kentry_z);
+	uma_zdestroy(V_pfr_kcounters_z);
+}
+
 int
 pfr_clr_addrs(struct pfr_table *tbl, int *ndel, int flags)
 {
@@ -1776,7 +1799,7 @@ pfr_create_ktable(struct pfr_table *tbl,
 
 	PF_RULES_WASSERT();
 
-	kt = uma_zalloc(V_pfr_ktable_z, M_NOWAIT|M_ZERO);
+	kt = malloc(sizeof(*kt), M_PFTABLE, M_NOWAIT|M_ZERO);
 	if (kt == NULL)
 		return (NULL);
 	kt->pfrkt_t = *tbl;
@@ -1838,7 +1861,7 @@ pfr_destroy_ktable(struct pfr_ktable *kt
 		kt->pfrkt_rs->tables--;
 		pf_remove_if_empty_ruleset(kt->pfrkt_rs);
 	}
-	uma_zfree(V_pfr_ktable_z, kt);
+	free(kt, M_PFTABLE);
 }
 
 static int

Modified: projects/pf/head/sys/contrib/pf/net/pfvar.h
==============================================================================
--- projects/pf/head/sys/contrib/pf/net/pfvar.h	Mon Jun  4 12:49:21 2012	(r236560)
+++ projects/pf/head/sys/contrib/pf/net/pfvar.h	Mon Jun  4 13:41:22 2012	(r236561)
@@ -113,7 +113,7 @@ enum	{ PFTM_TCP_FIRST_PACKET, PFTM_TCP_O
 
 enum	{ PF_NOPFROUTE, PF_FASTROUTE, PF_ROUTETO, PF_DUPTO, PF_REPLYTO };
 enum	{ PF_LIMIT_STATES, PF_LIMIT_SRC_NODES, PF_LIMIT_FRAGS,
-	  PF_LIMIT_TABLES, PF_LIMIT_TABLE_ENTRIES, PF_LIMIT_MAX };
+	  PF_LIMIT_TABLE_ENTRIES, PF_LIMIT_MAX };
 #define PF_POOL_IDMASK		0x0f
 enum	{ PF_POOL_NONE, PF_POOL_BITMASK, PF_POOL_RANDOM,
 	  PF_POOL_SRCHASH, PF_POOL_ROUNDROBIN };
@@ -1412,7 +1412,6 @@ struct pf_divert {
 #define PFFRAG_FRCENT_HIWAT	50000	/* Number of fragment cache entries */
 #define PFFRAG_FRCACHE_HIWAT	10000	/* Number of fragment descriptors */
 
-#define PFR_KTABLE_HIWAT	1000	/* Number of tables */
 #define PFR_KENTRY_HIWAT	200000	/* Number of table entries */
 #define PFR_KENTRY_HIWAT_SMALL	100000	/* Number of table entries (tiny hosts) */
 
@@ -1732,10 +1731,6 @@ VNET_DECLARE(uma_zone_t,	 pf_state_z);
 #define	V_pf_state_z		 VNET(pf_state_z)
 VNET_DECLARE(uma_zone_t,	 pf_state_key_z);
 #define	V_pf_state_key_z	 VNET(pf_state_key_z)
-VNET_DECLARE(uma_zone_t,	 pfr_ktable_z);
-#define	V_pfr_ktable_z		 VNET(pfr_ktable_z)
-VNET_DECLARE(uma_zone_t,	 pfr_kentry_z);
-#define	V_pfr_kentry_z		 VNET(pfr_kentry_z)
 VNET_DECLARE(uma_zone_t,	 pf_state_scrub_z);
 #define	V_pf_state_scrub_z	 VNET(pf_state_scrub_z)
 
@@ -1852,6 +1847,8 @@ int	pf_routable(struct pf_addr *addr, sa
 	    int);
 int	pf_socket_lookup(int, struct pf_pdesc *);   
 struct pf_state_key *pf_alloc_state_key(int);
+void	pfr_initialize(void);
+void	pfr_cleanup(void);
 int	pfr_match_addr(struct pfr_ktable *, struct pf_addr *, sa_family_t);
 void	pfr_update_stats(struct pfr_ktable *, struct pf_addr *, sa_family_t,
 	    u_int64_t, int, int, int);

More information about the svn-src-projects mailing list