From owner-freebsd-net Thu Mar 7 1:29: 7 2002 Delivered-To: freebsd-net@freebsd.org Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by hub.freebsd.org (Postfix) with ESMTP id 8622A37B426; Thu, 7 Mar 2002 01:28:48 -0800 (PST) Received: by elvis.mu.org (Postfix, from userid 1098) id 52817AE1FC; Thu, 7 Mar 2002 01:28:48 -0800 (PST) Date: Thu, 7 Mar 2002 01:28:48 -0800 From: Bill Fumerola To: Terry Lambert Cc: net@freebsd.org, hackers@freebsd.org Subject: Re: in_pcblookup_hash() called multiple times Message-ID: <20020307092848.GX803@elvis.mu.org> Reply-To: Bill Fumerola References: <3C86BD6B.3ADCB4F0@mindspring.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3C86BD6B.3ADCB4F0@mindspring.com> User-Agent: Mutt/1.3.27i X-Operating-System: FreeBSD 4.5-MUORG-20020215 i386 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, Mar 06, 2002 at 05:07:55PM -0800, Terry Lambert wrote: > There are redundant calls to the in_pcblookup_hash() in the > ip_fw_chk() function called via (*ip_fw_chk_ptr)() in the > ip_input path. in addition to what you're talking about, ipfw will repeat the hash lookup for every rule it goes through that has a uid or gid keyword. http://people.freebsd.org/~billf/bsdcon2000/presentation/graphics/countudpfromanytoanyuidbillf.png http://people.freebsd.org/~billf/bsdcon2000/presentation/graphics/counttcpfromanytoanyuidbillf.png 'old ipfw' = ipfw as of oct 2000 'new ipfw' = ipfw w/pcb cache + uid cache (as part of a compiled ruleset) in the compiled case, in_pcblookup_hash() is called the first time a uid needs compared. after that, uid lookups become a integer compare and not another call to in_pcblookup_hash(). gid lookups still use groupmember() each rule, but also don't have to do a pcb lookup each time. > Right now, I'm just talking about a way ip_input could pass > the already looked up input inpcb to tcp_input, udp_input, > or udp_ctlinput -- all of which repeat the lookup operation. my results are with a cached lookup just in the ipfw code, but if ip_input() did the lookup and passed it to both ipfw and the protocol handler that would be nice. -- - bill fumerola / fumerola@yahoo-inc.com / billf@FreeBSD.org / billf@mu.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message