git: pf - make the bulk of PF concurrent under normal operation
Matthew Dillon
dillon at crater.dragonflybsd.org
Thu Jun 26 20:44:22 PDT 2014
commit 3a0038bfb239dd522057809c52d7d23dd2134c38
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date: Thu Jun 26 20:40:32 2014 -0700
pf - make the bulk of PF concurrent under normal operation
* state and ip fragment tables are now per-cpu.
* packet paths acquire pf_token shared instead of exclusive. Packet
processing runs concurrently.
* Any dynamic rules updates will run synchronously for now.
* State expiration from the pfpurge thread runs synchronously for now.
More work can be done here.
* ioctl (and also pfsync) paths acquire pf_token exclusively. That is,
primarily pfctl commands. This includes rules updates and state scans.
More work can be done here.
Summary of changes:
sys/net/pf/Makefile | 2 +
sys/net/pf/if_pfsync.c | 85 +++++++---
sys/net/pf/if_pfsync.h | 2 +
sys/net/pf/pf.c | 260 ++++++++++++++++++++----------
sys/net/pf/pf_ioctl.c | 427 +++++++++++++++++++++++++++++++------------------
sys/net/pf/pf_norm.c | 118 ++++++++------
sys/net/pf/pfvar.h | 17 +-
7 files changed, 588 insertions(+), 323 deletions(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/3a0038bfb239dd522057809c52d7d23dd2134c38
--
DragonFly BSD source repository
More information about the Commits
mailing list