git: ipfw: Implement state based "redirect", i.e. without using libalias.

Sepherosa Ziehau sephe at crater.dragonflybsd.org
Sun Oct 15 00:27:50 PDT 2017


commit e622598eabbac3d195b7fd68780c9131296b638c
Author: Sepherosa Ziehau <sephe at dragonflybsd.org>
Date:   Sat Sep 30 14:39:48 2017 +0800

    ipfw: Implement state based "redirect", i.e. without using libalias.
    
    Redirection creates two states, i.e. one before the translation (xlat0)
    and one after the translation (xlat1).  If the hash of the translated
    packet indicates that it is owned by a remote CPU:
    - If the packet triggers the state pair creation, the 'xlat1' will be
      piggybacked by the translated packet, which will be forwarded to the
      remote CPU for further evalution.  And the 'xlat1' will be installed
      on the remote CPU before the evalution of the translated packet.
    - Else only the translated packet will be forwarded to the remote CPU
      for further evalution.
    
    The 'xlat1' is called the slave state, which will be deleted only when
    the 'xlat0' (the master state) is deleted.  The state pair is always
    deleted on the CPU owning the 'xlat1'; the 'xlat0' will be forwarded
    there.
    
    The reference counting of the state pair is maintained independently
    in each state, the memory of the state pair will be freed only after
    the sum of the counter in each state reaches 0.  This avoids expensive
    per-packet atomic ops.
    
    As far as I have tested, this implementation of "redirect" does _not_
    introduce any noticeable performance reduction, latency increasing or
    latency destability.
    
    This commit makes most of the necessary bits for NAT ready too.

Summary of changes:
 sbin/ipfw/ipfw.8        |   61 ++-
 sbin/ipfw/ipfw2.c       |  102 ++++-
 sys/net/if_ethersubr.c  |    3 +-
 sys/net/ipfw/ip_fw2.c   | 1107 +++++++++++++++++++++++++++++++++++++++++------
 sys/net/ipfw/ip_fw2.h   |   64 ++-
 sys/netinet/ip_output.c |    6 +
 sys/sys/mbuf.h          |    3 +
 7 files changed, 1162 insertions(+), 184 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/e622598eabbac3d195b7fd68780c9131296b638c


-- 
DragonFly BSD source repository


More information about the Commits mailing list