From owner-svn-src-head@FreeBSD.ORG Thu Jan 8 03:37:57 2015 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E147D71F; Thu, 8 Jan 2015 03:37:57 +0000 (UTC) Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "vps1.elischer.org", Issuer "CA Cert Signing Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id AFB46D6A; Thu, 8 Jan 2015 03:37:57 +0000 (UTC) Received: from Julian-MBP3.local (ppp121-45-233-252.lns20.per1.internode.on.net [121.45.233.252]) (authenticated bits=0) by vps1.elischer.org (8.14.9/8.14.9) with ESMTP id t083bnRW011471 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Wed, 7 Jan 2015 19:37:52 -0800 (PST) (envelope-from julian@freebsd.org) Message-ID: <54ADFB88.1090705@freebsd.org> Date: Thu, 08 Jan 2015 11:37:44 +0800 From: Julian Elischer User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.3.0 MIME-Version: 1.0 To: Gleb Smirnoff , "Bjoern A. Zeeb" Subject: Re: svn commit: r276747 - head/sys/netpfil/pf References: <201501060903.t06934qp081875@svn.freebsd.org> <20150107204631.GG15484@FreeBSD.org> <20150108003146.GL15484@FreeBSD.org> In-Reply-To: <20150108003146.GL15484@FreeBSD.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Cc: Craig Rodrigues , svn-src-head@freebsd.org, svn-src-all@freebsd.org, Nikos Vassiliadis , src-committers@freebsd.org X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Jan 2015 03:37:58 -0000 On 1/8/15 8:31 AM, Gleb Smirnoff wrote: > On Thu, Jan 08, 2015 at 12:21:57AM +0000, Bjoern A. Zeeb wrote: > B> > B> > On 07 Jan 2015, at 20:46 , Gleb Smirnoff wrote: > B> > > B> > On Tue, Jan 06, 2015 at 09:03:04AM +0000, Craig Rodrigues wrote: > B> > C> Author: rodrigc > B> > C> Date: Tue Jan 6 09:03:03 2015 > B> > C> New Revision: 276747 > B> > C> URL: https://svnweb.freebsd.org/changeset/base/276747 > B> > C> > B> > C> Log: > B> > C> Instead of creating a purge thread for every vnet, create > B> > C> a single purge thread and clean up all vnets from this thread. > B> > C> > B> > C> PR: 194515 > B> > C> Differential Revision: D1315 > B> > C> Submitted by: Nikos Vassiliadis > B> > > B> > I am not sure that this is a good idea. The core idea of VNETs > B> > is that they are isolated from each other. If we serialize purging, > B> > then vnets are strongly affecting each other. > B> > > B> > AFAIU, from the PR there is some panic fixed. What is the actual bug > B> > and why couldn't it be fixed with having per-vnet thread? > B> > B> You don’t 30000 whatever pf purging threads on a system all running, possibly competing for some resources, e.g., locks? > > Isn't a vnet, which is a jail, already a set of a dozen of processes? So, > if you are speaking of "30000 whatever pf purging threads", then you > already mean "1 mln whatever processes". Actually, no. as we have presetned it, a vnet is part of a jail. But, it was originally an independnent thing, like FIBS, and a jail may exist with a single process. I think one should be enough.. or if that it is not sufficient, then at maximum, one per cpu > > Speaking of pf purging threads competing for resources. If someone wants > really independent pfs in vnets, then locks should be virtualized as well. >