Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 8 Jan 2015 00:49:45 +0000
From:      "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To:        Gleb Smirnoff <glebius@FreeBSD.org>
Cc:        Craig Rodrigues <rodrigc@FreeBSD.org>, svn-src-head@freebsd.org, svn-src-all@freebsd.org, Nikos Vassiliadis <nvass@gmx.com>, src-committers@freebsd.org
Subject:   Re: svn commit: r276747 - head/sys/netpfil/pf
Message-ID:  <63857483-2879-4620-87EF-FE76197AB99B@lists.zabbadoz.net>
In-Reply-To: <20150108003146.GL15484@FreeBSD.org>
References:  <201501060903.t06934qp081875@svn.freebsd.org> <20150107204631.GG15484@FreeBSD.org> <AEFC5AEF-7700-426A-96D3-A14BF68CA9BC@lists.zabbadoz.net> <20150108003146.GL15484@FreeBSD.org>

next in thread | previous in thread | raw e-mail | index | archive | help

> On 08 Jan 2015, at 00:31 , Gleb Smirnoff <glebius@FreeBSD.org> wrote:
>=20
> On Thu, Jan 08, 2015 at 12:21:57AM +0000, Bjoern A. Zeeb wrote:
> B>=20
> B> > On 07 Jan 2015, at 20:46 , Gleb Smirnoff <glebius@freebsd.org> =
wrote:
> B> >=20
> B> > On Tue, Jan 06, 2015 at 09:03:04AM +0000, Craig Rodrigues wrote:
> B> > C> Author: rodrigc
> B> > C> Date: Tue Jan  6 09:03:03 2015
> B> > C> New Revision: 276747
> B> > C> URL: https://svnweb.freebsd.org/changeset/base/276747
> B> > C>=20
> B> > C> Log:
> B> > C>   Instead of creating a purge thread for every vnet, create
> B> > C>   a single purge thread and clean up all vnets from this =
thread.
> B> > C>  =20
> B> > C>   PR:                     194515
> B> > C>   Differential Revision:  D1315
> B> > C>   Submitted by:           Nikos Vassiliadis <nvass@gmx.com>
> B> >=20
> B> > I am not sure that this is a good idea. The core idea of VNETs
> B> > is that they are isolated from each other. If we serialize =
purging,
> B> > then vnets are strongly affecting each other.
> B> >=20
> B> > AFAIU, from the PR there is some panic fixed. What is the actual =
bug
> B> > and why couldn't it be fixed with having per-vnet thread?
> B>=20
> B> You don=E2=80=99t 30000 whatever pf purging threads on a system all =
running, possibly competing for some resources, e.g., locks?
>=20
> Isn't a vnet, which is a jail, already a set of a dozen of processes? =
So,
> if you are speaking of "30000 whatever pf purging threads", then you
> already mean =E2=80=9C1 mln whatever processes".

jail/VNETs can exist without a single process attached.

But I guess the point is that there is only so much work we can do at =
the same time and we should be very careful in what we try to =
parallellellellize as with 5 vnets it might be fine, with a couple of =
thousand you may keep a system busy with itself.


> Speaking of pf purging threads competing for resources. If someone =
wants
> really independent pfs in vnets, then locks should be virtualized as =
well.

No please don=E2=80=99t.  The only places where we =E2=80=9Cvirtualise=E2=80=
=9D locks for VNETs is part of data structures which are vnet specific =
(virtualised).

=E2=80=94=20
Bjoern A. Zeeb                                  Charles Haddon Spurgeon:
"Friendship is one of the sweetest joys of life.  Many might have failed
 beneath the bitterness of their trial  had they not found a friend."




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?63857483-2879-4620-87EF-FE76197AB99B>