ipfw2 for dragonflybsd

bycn82 bycn82 at gmail.com
Wed Dec 3 04:54:27 PST 2014


*Hi,*
*You are right, I got your point already,*
*No need to sync the state table because if the state is not existing in
CPU A's context, the traffic still can continue , it will automatically
create,*

*But the NAT is different. because when the traffic return back, it has to
see the NAT record. if we have NAT record per-CPU, then that means we need
to sync the record to all CPU. that will cause more resource, so NAT will
be shared by call CPUs, so cannot be "lockless"*



On Wed, Nov 19, 2014 at 9:48 AM, Sepherosa Ziehau <sepherosa at gmail.com>
wrote:

> The code of lockless ipfw2 static rule is there for ages
> (sys/net/ipfw) and I currently don't find enough time to make in-base
> ipfw2 state table lockless.  But it could be as simple as:
> - Make state table per-cpu.
> - Make the state table GC callout per-cpu.
> - Remove the state table lock.
>
>
> On Wed, Nov 19, 2014 at 9:26 AM, bycn82 <bycn82 at gmail.com> wrote:
> > why not share more information, for example write a internal document for
> > developers like NetBSD in order to help newcomers.
> >
> > https://www.netbsd.org/docs/internals/en/index.html
> >
> >
> > On Tue, Nov 18, 2014 at 6:45 AM, Sepherosa Ziehau <sepherosa at gmail.com>
> > wrote:
> >>
> >> For static rules, ipfw2 in the base is already lockless MPSAFE.  I
> >> want to change the states lockless MPSAFE (it was not doable back to
> >> the time I made ipfw2 static rules lockless MPSAFE; but now since we
> >> dispatch udp outputs to the proper netisr, it is doable).
> >>
> >> On Mon, Nov 17, 2014 at 6:13 PM, Zachary Crownover
> >> <zachary.crownover at gmail.com> wrote:
> >> > I would say follow in the steps that were taken for the pf code that
> was
> >> > touched recently for SMP support and prevention of locking for you
> >> > application of the same into ipfw.
> >> >
> >> > On Sun, Nov 16, 2014 at 10:04 PM, bycn82 <bycn82 at gmail.com> wrote:
> >> >>
> >> >> Hi ,
> >> >> I am re-writing the ipfw for dragonflybsd. and once I cleanup the
> code,
> >> >> I
> >> >> will continue port some useful features like NAT and policy routing.(
> >> >> NAT
> >> >> will be the next one)
> >> >>
> >> >> And here is a simple wiki page for it,
> >> >> http://www.dragonflybsd.org/docs/ipfw2/
> >> >>
> >> >> any comment? Sure I need people's help in testing of it. thanks in
> >> >> advanced.
> >> >>
> >> >> Regards,
> >> >> bycn82
> >> >
> >> >
> >> >
> >> >
> >> > --
> >> > Sincerely,
> >> >
> >> > Zachary Crownover
> >>
> >>
> >>
> >> --
> >> Tomorrow Will Never Die
> >
> >
>
>
>
> --
> Tomorrow Will Never Die
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dragonflybsd.org/pipermail/users/attachments/20141203/02ceda54/attachment-0008.html>


More information about the Users mailing list