switch dymmynet from mbuf based tagging to m_tag
Matthew Dillon
dillon at apollo.backplane.com
Mon Oct 22 08:53:47 PDT 2007
:Hmm, that's problematic. How about fixing it in following way:
:1) add a key field to ipfw rule (e.g. random number when rule was created)
:2) hash ipfw rules using above key, mainly to accelerate the following
:ipfw rule looking up
:3) when recording ipfw rule address in dummynet m_tag, the key of the
:ipfw rule is recorded in a seperate field in dummynet m_tag too
:4) in ipfw_chk(), we try finding the rule using the key recorded in
:dummynet m_tag, and compare the found ipfw rule address with the ipfw
:rule address recorded in dummynet m_tag, if they match then the rule
:is not deleted
:
:But I think that's a different problem than what the above patch
:intends to address, so I don't want to fix them in one patch :)
:
:Best Regards,
:sephe
:
:--
:Live Free or Die
Yah, definitely a separate patch, don't let it interfere with your
clean-up.
In finding a solution we want to keep SMP in mind. The more I look
at it the more I worry about in-transit packets, especially when used
with dynamic rules.
I think putting the validation in ipfw_chk() is a good idea. If I
were doing it from scratch I would probably ref-count the rule structure
and flag the deletion, but at this point in time a hash table would
probably be less invasive.
You don't need to generate a random key, just use the pointer address
itself as the key. I don't think we want to change the rule structure
itself if we can help it, that will probably create userland
incompatibilities. I'll leave it up to you.
-Matt
Matthew Dillon
<dillon at backplane.com>
More information about the Submit
mailing list