git: pf - make the bulk of PF concurrent under normal operation

Matthew Dillon dillon at crater.dragonflybsd.org
Thu Jun 26 20:44:22 PDT 2014


commit 3a0038bfb239dd522057809c52d7d23dd2134c38
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Thu Jun 26 20:40:32 2014 -0700

    pf - make the bulk of PF concurrent under normal operation
    
    * state and ip fragment tables are now per-cpu.
    
    * packet paths acquire pf_token shared instead of exclusive.  Packet
      processing runs concurrently.
    
    * Any dynamic rules updates will run synchronously for now.
    
    * State expiration from the pfpurge thread runs synchronously for now.
      More work can be done here.
    
    * ioctl (and also pfsync) paths acquire pf_token exclusively.  That is,
      primarily pfctl commands.  This includes rules updates and state scans.
      More work can be done here.

Summary of changes:
 sys/net/pf/Makefile    |   2 +
 sys/net/pf/if_pfsync.c |  85 +++++++---
 sys/net/pf/if_pfsync.h |   2 +
 sys/net/pf/pf.c        | 260 ++++++++++++++++++++----------
 sys/net/pf/pf_ioctl.c  | 427 +++++++++++++++++++++++++++++++------------------
 sys/net/pf/pf_norm.c   | 118 ++++++++------
 sys/net/pf/pfvar.h     |  17 +-
 7 files changed, 588 insertions(+), 323 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/3a0038bfb239dd522057809c52d7d23dd2134c38


-- 
DragonFly BSD source repository


More information about the Commits mailing list