From owner-freebsd-net@FreeBSD.ORG  Mon Mar 11 15:05:23 2013
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 3CD1F457
 for <freebsd-net@freebsd.org>; Mon, 11 Mar 2013 15:05:23 +0000 (UTC)
 (envelope-from vegeta@tuxpowered.net)
Received: from mail-bk0-x22c.google.com (mail-bk0-x22c.google.com
 [IPv6:2a00:1450:4008:c01::22c])
 by mx1.freebsd.org (Postfix) with ESMTP id C5687967
 for <freebsd-net@freebsd.org>; Mon, 11 Mar 2013 15:05:22 +0000 (UTC)
Received: by mail-bk0-f44.google.com with SMTP id j4so1739723bkw.17
 for <freebsd-net@freebsd.org>; Mon, 11 Mar 2013 08:05:21 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=google.com; s=20120113;
 h=x-received:from:to:subject:date:user-agent:cc:references
 :in-reply-to:mime-version:content-type:content-transfer-encoding
 :message-id:x-gm-message-state;
 bh=yAHTqpZ6wezuRuGmMIXuJGzSYgIfGrRrmf5SQT3CVVY=;
 b=MGH+VsnY3yLjAGVj58DzimE32O54MRlcYW9kT5bItY+mSUnZozfclPMH74CiFpNyIn
 g+cCinh4oFPWnSVlqyoZVOXl9Jvk9GMJ0bcXp/KQKb9J+Vo0vRU1khKIMKutvrUOteiI
 2Cu059h/Cpb9RJAWOXyrHymn5rQ5r6fhZOBZfRqwg/bSHsUOQcbS3J6+36A15EiXvkuC
 LvI7HUUzab7+v/iY8Txg5BHFg/W8gODwJ09YJ1x9VoigNwCcGeUMgnDBXA0X2+ri4mwF
 SBnCSQTIcqeRy1qx+Y/VI/77wcKCmUnwFneDbDPZ907BvQElps2Q1b2DaopBwcg/TK70
 3Udg==
X-Received: by 10.204.195.133 with SMTP id ec5mr4731790bkb.32.1363014321478;
 Mon, 11 Mar 2013 08:05:21 -0700 (PDT)
Received: from zvezda.localnet ([212.48.107.10])
 by mx.google.com with ESMTPS id g28sm4198353bkv.17.2013.03.11.08.05.20
 (version=TLSv1 cipher=RC4-SHA bits=128/128);
 Mon, 11 Mar 2013 08:05:20 -0700 (PDT)
From: Kajetan Staszkiewicz <vegeta@tuxpowered.net>
To: Ermal =?iso-8859-1?q?Lu=E7i?= <eri@freebsd.org>
Subject: Re: [patch] Source entries removing is awfully slow.
Date: Mon, 11 Mar 2013 16:05:19 +0100
User-Agent: KMail/1.13.5 (Linux/3.6.6-vegeta.1; KDE/4.4.5; x86_64; ; )
References: <201303081419.17743.vegeta@tuxpowered.net>
 <201303091437.51945.vegeta@tuxpowered.net>
 <CAPBZQG0EyUb=MZFfFzesxQvA38CPBubjd7izt3OHyqpbMOMarA@mail.gmail.com>
In-Reply-To: <CAPBZQG0EyUb=MZFfFzesxQvA38CPBubjd7izt3OHyqpbMOMarA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: Text/Plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-Id: <201303111605.19518.vegeta@tuxpowered.net>
X-Gm-Message-State: ALoCoQnMp82eb/yeF9je4m/e2vIPyd4SY/SRGHwdYNAGNv+olDcI25/v/v7adYO0gQ93x0ThOOQo
Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>,
 "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org>
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Mar 2013 15:05:23 -0000

There are some things I find flawed in your patch:

1.

+#if 0
 		if (killed > 0)
 			pf_purge_expired_src_nodes(1);
+#endif

This means that after using `pfctl -K` the src nodes are still around until 
purged and any new states created will still use them and bump their expire 
timer. This also changes behavior from DIOCCLRSRCNODES, which also performs the 
purge immediately. You also moved s->src_node=s->nat_src_node=NULL code to 
inside of pf_purge_expired_src_nodes, therefore I believe it should be called 
immediately. If detaching state from source is done in 
pf_purge_expired_src_nodes, DIOCCLRSRCNODES does not have to traverse the state 
table anymore, so we achieve another performance improvement.

2.
                /* Handle state to src_node linkage */
+#ifndef __FreeBSD__ 
                if (sn->states != 0) {
                    RB_FOREACH(s, pf_state_tree_id,
#ifdef __FreeBSD__
                        &V_tree_id) {       
#else
                        &tree_id) {         
#endif
                        if (s->src_node == sn)  
                            s->src_node = NULL;         
                        if (s->nat_src_node == sn) 
                            s->nat_src_node = NULL;     
                    }                   
                    sn->states = 0;     
                }               
+#endif
                sn->expire = 1; 
                killed++;       

This removes a bit too much code, that is zeroing of source's state counter.

Please find the next version of the patch here:
http://vegeta.tuxpowered.net/download/link-states-to-src_node-3.patch

This one also takes care of removing states linked to found sources if pfctl is 
given extra -c parameter (that can stand for "clear", I could not find any 
other free pfctl parameter better matching). Thanks to this parameter, the 
default behavior is not changed.

-- 
| pozdrawiam / greetings | powered by Debian, CentOS and FreeBSD |
|  Kajetan Staszkiewicz  | jabber,email: vegeta()tuxpowered net  |
|        Vegeta          | www: http://vegeta.tuxpowered.net     |
`------------------------^---------------------------------------'