git: ipfw3: lockless in-kernel NAT

Bill Yuan bycn82 at crater.dragonflybsd.org
Tue Jun 21 03:20:32 PDT 2016 

commit 9187b359203f12156672d8e1db35aaca69f1f482
Author: Bill Yuan <bycn82 at dragonflybsd.org>
Date:   Tue Jun 21 18:13:10 2016 +0000

    ipfw3: lockless in-kernel NAT
    
    The libalias is used in kernel space for in-kernel NAT, and its alias_link
    entries are stored with LIST. so all the packets which need to be NAT will scan
    against the LIST and trying to find the matched alias_link. by seperating the
    libalias into context of different CPUs, the lock can be removed. and due to the
    nature of NAT, the outgoing and incoming packets are possible to be handled by
    different CPUs, to ensure the returning packet can be translated properly, the
    newly created alias_link is required to be duplicated and inserted into contexts
    of both CPUs.
    
    e.g.
    ipfw3 nat 1 config if em0
    ipfw3 nat 1 all via em0
    ipfw3 nat 1 show state

Summary of changes:
 lib/libipfw3/basic/ipfw3_basic.c       |   18 +-
 lib/libipfw3/basic/ipfw3_basic.h       |    2 +-
 lib/libipfw3/dummynet/ipfw3_dummynet.c |    4 +-
 lib/libipfw3/dummynet/ipfw3_dummynet.h |    2 +-
 lib/libipfw3/layer2/ipfw3_layer2.c     |    4 +-
 lib/libipfw3/layer2/ipfw3_layer2.h     |    2 +-
 lib/libipfw3/layer4/ipfw3_layer4.c     |    4 +-
 lib/libipfw3/layer4/ipfw3_layer4.h     |    2 +-
 lib/libipfw3/nat/ipfw3_nat.c           |    6 +-
 lib/libipfw3/nat/ipfw3_nat.h           |    4 +-
 sbin/ipfw3/Makefile                    |    7 +-
 sbin/ipfw3/ipfw.h                      |   56 --
 sbin/ipfw3/ipfw3.c                     | 1009 ++-----------------------------
 sbin/ipfw3/ipfw3.h                     |  131 ++++
 sbin/ipfw3/ipfw3nat.c                  | 1017 ++++++++++++++++++++++++++++++++
 sbin/ipfw3/{ipfw3sync.h => ipfw3nat.h} |   36 +-
 sbin/ipfw3/ipfw3sync.c                 |    2 +-
 sys/net/dummynet3/ip_dummynet.h        |    2 +-
 sys/net/ipfw3/ip_fw3.c                 |   52 +-
 sys/net/ipfw3/ip_fw3.h                 |    9 +-
 sys/net/ipfw3/ip_fw3_log.c             |    2 +-
 sys/net/ipfw3/ip_fw3_log.h             |    2 +-
 sys/net/ipfw3/ip_fw3_table.c           |    2 +-
 sys/net/ipfw3/ip_fw3_table.h           |    2 +-
 sys/net/ipfw3_basic/ip_fw3_basic.c     |    2 +-
 sys/net/ipfw3_basic/ip_fw3_basic.h     |    2 +-
 sys/net/ipfw3_layer2/ip_fw3_layer2.c   |    2 +-
 sys/net/ipfw3_layer2/ip_fw3_layer2.h   |    2 +-
 sys/net/ipfw3_layer4/ip_fw3_layer4.c   |    2 +-
 sys/net/ipfw3_layer4/ip_fw3_layer4.h   |    2 +-
 sys/net/ipfw3_nat/ip_fw3_nat.c         |  670 +++++++++++++--------
 sys/net/ipfw3_nat/ip_fw3_nat.h         |   29 +-
 sys/net/libalias/alias.c               |  121 ++--
 sys/net/libalias/alias.h               |    9 +-
 34 files changed, 1800 insertions(+), 1418 deletions(-)
 delete mode 100644 sbin/ipfw3/ipfw.h
 create mode 100644 sbin/ipfw3/ipfw3.h
 create mode 100644 sbin/ipfw3/ipfw3nat.c
 copy sbin/ipfw3/{ipfw3sync.h => ipfw3nat.h} (65%)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/9187b359203f12156672d8e1db35aaca69f1f482


-- 
DragonFly BSD source repository

More information about the Commits mailing list