Date: Mon, 11 Mar 2013 16:05:19 +0100
From: Kajetan Staszkiewicz <vegeta@tuxpowered.net>
To: Ermal Luçi <eri@freebsd.org>
Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org>
Subject: Re: [patch] Source entries removing is awfully slow.
Message-ID: <201303111605.19518.vegeta@tuxpowered.net>
In-Reply-To: <CAPBZQG0EyUb=MZFfFzesxQvA38CPBubjd7izt3OHyqpbMOMarA@mail.gmail.com>
References: <201303081419.17743.vegeta@tuxpowered.net> <201303091437.51945.vegeta@tuxpowered.net> <CAPBZQG0EyUb=MZFfFzesxQvA38CPBubjd7izt3OHyqpbMOMarA@mail.gmail.com>

There are some things I find flawed in your patch:

1.

+#if 0 if (killed > 0) pf_purge_expired_src_nodes(1); +#endif

This means that after using `pfctl -K` the src nodes are still around until purged and any new states created will still use them and bump their expire timer. This also changes behavior from DIOCCLRSRCNODES, which also performs the purge immediately. You also moved s->src_node=s->nat_src_node=NULL code to inside of pf_purge_expired_src_nodes, therefore I believe it should be called immediately. If detaching state from source is done in pf_purge_expired_src_nodes, DIOCCLRSRCNODES does not have to traverse the state table anymore, so we achieve another performance improvement.

2.

/* Handle state to src_node linkage */ +#ifndef __FreeBSD__ if (sn->states != 0) { RB_FOREACH(s, pf_state_tree_id, #ifdef __FreeBSD__ &V_tree_id) { #else &tree_id) { #endif if (s->src_node == sn) s->src_node = NULL; if (s->nat_src_node == sn) s->nat_src_node = NULL; } sn->states = 0; } +#endif sn->expire = 1; killed++;

This removes a bit too much code, that is zeroing of source's state counter.

Please find the next version of the patch here:
http://vegeta.tuxpowered.net/download/link-states-to-src_node-3.patch

This one also takes care of removing states linked to found sources if pfctl is given extra -c parameter (that can stand for "clear", I could not find any other free pfctl parameter better matching). Thanks to this parameter, the default behavior is not changed.

--
| pozdrawiam / greetings | powered by Debian, CentOS and FreeBSD |
| Kajetan Staszkiewicz | jabber,email: vegeta()tuxpowered net |
| Vegeta | www: http://vegeta.tuxpowered.net |
`------------------------^---------------------------------------'
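
Review bot: the `#if 0` / `#endif` pair added around `if (killed > 0) pf_purge_expired_src_nodes(1);` (first quoted fragment) leaves a compiled-out call in the tree with no comment saying why the purge is now deferred or what runs it instead. Either delete the call and document where killed source nodes get purged, or keep the immediate purge; as quoted, the `killed` count no longer triggers anything at this point.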
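
Review bot: the added `#ifndef __FreeBSD__` guard (second quoted fragment) wraps the whole `if (sn->states != 0) { ... }` block, so on FreeBSD `sn->states = 0;` is compiled out together with the `RB_FOREACH` walk while `sn->expire = 1;` still runs, leaving a node marked for expiry with a nonzero state count. The same guard makes the inner `#ifdef __FreeBSD__` arm (`&V_tree_id`) unreachable. Suggest guarding only the `RB_FOREACH` loop, keeping `sn->states = 0;` outside the guard or stating where the counter is reset instead, and dropping the dead inner conditional.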