From owner-freebsd-pf@FreeBSD.ORG Sat Apr 5 22:21:31 2014 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5DB10250; Sat, 5 Apr 2014 22:21:31 +0000 (UTC) Received: from mail.vx.sk (mail.vx.sk [IPv6:2a01:4f8:150:6101::4]) by mx1.freebsd.org (Postfix) with ESMTP id 1B159381; Sat, 5 Apr 2014 22:21:31 +0000 (UTC) Received: from mail.vx.sk (localhost [127.0.0.1]) by mail.vx.sk (Postfix) with ESMTP id BC10BB58F; Sun, 6 Apr 2014 00:21:29 +0200 (CEST) X-Virus-Scanned: amavisd-new at mail.vx.sk Received: from mail.vx.sk by mail.vx.sk (amavisd-new, unix socket) with LMTP id GiaYUcmaN6Mt; Sun, 6 Apr 2014 00:21:29 +0200 (CEST) Received: from [192.168.2.103] (dslb-092-078-029-103.pools.arcor-ip.net [92.78.29.103]) by mail.vx.sk (Postfix) with ESMTPSA id A2CBCB585; Sun, 6 Apr 2014 00:21:28 +0200 (CEST) Message-ID: <534081E7.3040403@FreeBSD.org> Date: Sun, 06 Apr 2014 00:21:27 +0200 From: Martin Matuska User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 MIME-Version: 1.0 To: Mikolaj Golub Subject: Re: CFR projects/pf: vnet awareness for pf_overloadqueue References: <5337D55A.6030607@FreeBSD.org> <20140331194109.GA17582@gmail.com> In-Reply-To: <20140331194109.GA17582@gmail.com> X-Enigmail-Version: 1.5.2 Content-Type: multipart/mixed; boundary="------------070903080608050809070009" Cc: freebsd-pf@FreeBSD.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Apr 2014 22:21:31 -0000 This is a multi-part message in MIME format. --------------070903080608050809070009 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit An reworked pf_overloadqueue patch is attached (Mikolaj thanks for the input). This time to keep a united look I used identical syntax as in some other functions. Thank you for reviewing & comments. --------------070903080608050809070009 Content-Type: text/x-patch; name="pf_overloadqueue_2.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="pf_overloadqueue_2.patch" Index: projects/pf/head/sys/netpfil/pf/pf.c =================================================================== --- projects/pf/head/sys/netpfil/pf/pf.c (revision 263908) +++ projects/pf/head/sys/netpfil/pf/pf.c (working copy) @@ -288,7 +288,7 @@ static int pf_addr_wrap_neq(struct pf_addr_wrap static struct pf_state *pf_find_state(struct pfi_kif *, struct pf_state_key_cmp *, u_int); static int pf_src_connlimit(struct pf_state **); -static void pf_overload_task(void *c, int pending); +static void pf_overload_task(void *v, int pending); static int pf_insert_src_node(struct pf_src_node **, struct pf_rule *, struct pf_addr *, sa_family_t); static u_int pf_purge_expired_states(u_int, int); @@ -520,7 +520,7 @@ pf_src_connlimit(struct pf_state **state) } static void -pf_overload_task(void *c, int pending) +pf_overload_task(void *v, int pending) { struct pf_overload_head queue; struct pfr_addr p; @@ -527,9 +527,11 @@ static void struct pf_overload_entry *pfoe, *pfoe1; uint32_t killed = 0; + CURVNET_SET((struct vnet *)v); + PF_OVERLOADQ_LOCK(); - queue = *(struct pf_overload_head *)c; - SLIST_INIT((struct pf_overload_head *)c); + queue = V_pf_overloadqueue; + SLIST_INIT(&V_pf_overloadqueue); PF_OVERLOADQ_UNLOCK(); bzero(&p, sizeof(p)); @@ -573,8 +575,10 @@ static void V_pf_status.lcounters[LCNT_OVERLOAD_FLUSH]++; /* If nothing to flush, return. */ - if (SLIST_EMPTY(&queue)) + if (SLIST_EMPTY(&queue)) { + CURVNET_RESTORE(); return; + } for (int i = 0; i <= pf_hashmask; i++) { struct pf_idhash *ih = &V_pf_idhash[i]; @@ -603,6 +607,8 @@ static void free(pfoe, M_PFTEMP); if (V_pf_status.debug >= PF_DEBUG_MISC) printf("%s: %u states killed", __func__, killed); + + CURVNET_RESTORE(); } /* @@ -804,7 +810,7 @@ pf_vnet_initialize() /* Send & overload+flush queues. */ STAILQ_INIT(&V_pf_sendqueue); SLIST_INIT(&V_pf_overloadqueue); - TASK_INIT(&V_pf_overloadtask, 0, pf_overload_task, &V_pf_overloadqueue); + TASK_INIT(&V_pf_overloadtask, 0, pf_overload_task, curvnet); /* Unlinked, but may be referenced rules. */ TAILQ_INIT(&V_pf_unlinked_rules); --------------070903080608050809070009--