From owner-svn-src-all@FreeBSD.ORG Thu Jan 8 00:31:50 2015 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id BD3DBF0C; Thu, 8 Jan 2015 00:31:50 +0000 (UTC) Received: from cell.glebius.int.ru (glebius.int.ru [81.19.69.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "cell.glebius.int.ru", Issuer "cell.glebius.int.ru" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 28697931; Thu, 8 Jan 2015 00:31:49 +0000 (UTC) Received: from cell.glebius.int.ru (localhost [127.0.0.1]) by cell.glebius.int.ru (8.14.9/8.14.9) with ESMTP id t080VkpP094351 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 8 Jan 2015 03:31:46 +0300 (MSK) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.glebius.int.ru (8.14.9/8.14.9/Submit) id t080VkXZ094350; Thu, 8 Jan 2015 03:31:46 +0300 (MSK) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.glebius.int.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Thu, 8 Jan 2015 03:31:46 +0300 From: Gleb Smirnoff To: "Bjoern A. Zeeb" Subject: Re: svn commit: r276747 - head/sys/netpfil/pf Message-ID: <20150108003146.GL15484@FreeBSD.org> References: <201501060903.t06934qp081875@svn.freebsd.org> <20150107204631.GG15484@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) Cc: Craig Rodrigues , svn-src-head@freebsd.org, svn-src-all@freebsd.org, Nikos Vassiliadis , src-committers@freebsd.org X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Jan 2015 00:31:50 -0000 On Thu, Jan 08, 2015 at 12:21:57AM +0000, Bjoern A. Zeeb wrote: B> B> > On 07 Jan 2015, at 20:46 , Gleb Smirnoff wrote: B> > B> > On Tue, Jan 06, 2015 at 09:03:04AM +0000, Craig Rodrigues wrote: B> > C> Author: rodrigc B> > C> Date: Tue Jan 6 09:03:03 2015 B> > C> New Revision: 276747 B> > C> URL: https://svnweb.freebsd.org/changeset/base/276747 B> > C> B> > C> Log: B> > C> Instead of creating a purge thread for every vnet, create B> > C> a single purge thread and clean up all vnets from this thread. B> > C> B> > C> PR: 194515 B> > C> Differential Revision: D1315 B> > C> Submitted by: Nikos Vassiliadis B> > B> > I am not sure that this is a good idea. The core idea of VNETs B> > is that they are isolated from each other. If we serialize purging, B> > then vnets are strongly affecting each other. B> > B> > AFAIU, from the PR there is some panic fixed. What is the actual bug B> > and why couldn't it be fixed with having per-vnet thread? B> B> You don’t 30000 whatever pf purging threads on a system all running, possibly competing for some resources, e.g., locks? Isn't a vnet, which is a jail, already a set of a dozen of processes? So, if you are speaking of "30000 whatever pf purging threads", then you already mean "1 mln whatever processes". Speaking of pf purging threads competing for resources. If someone wants really independent pfs in vnets, then locks should be virtualized as well. -- Totus tuus, Glebius.