From owner-freebsd-net@FreeBSD.ORG Fri Mar 30 21:59:41 2007 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 4830216A403 for ; Fri, 30 Mar 2007 21:59:41 +0000 (UTC) (envelope-from rizzo@icir.org) Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.freebsd.org (Postfix) with ESMTP id 364FD13C46E for ; Fri, 30 Mar 2007 21:59:41 +0000 (UTC) (envelope-from rizzo@icir.org) Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.11/8.13.6) with ESMTP id l2ULxcP6088248; Fri, 30 Mar 2007 13:59:38 -0800 (PST) (envelope-from rizzo@xorpc.icir.org) Received: (from rizzo@localhost) by xorpc.icir.org (8.12.11/8.12.3/Submit) id l2ULxckW088247; Fri, 30 Mar 2007 14:59:38 -0700 (PDT) (envelope-from rizzo) Date: Fri, 30 Mar 2007 14:59:38 -0700 From: Luigi Rizzo To: Julian Elischer Message-ID: <20070330145938.A88154@xorpc.icir.org> References: <460D75CE.70804@elischer.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <460D75CE.70804@elischer.org>; from julian@elischer.org on Fri, Mar 30, 2007 at 01:40:46PM -0700 Cc: FreeBSD Net , ipfw@freebsd.org Subject: Re: IPFW update frequency X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Mar 2007 21:59:41 -0000 On Fri, Mar 30, 2007 at 01:40:46PM -0700, Julian Elischer wrote: > I have been looking at the IPFW code recently, especially > with respect to locking. > There are some things that could be done to improve IPFW's > behaviour when processing packets, but some of these take a > toll (there is always a toll) on the 'updating' side of things. certainly ipfw was not designed with SMP in mind. If you can tell us what is your plan to make the list lock free (which one, the static or dynamic ones ?) maybe we can comment more. E.g. one option could be the usual trick of adding refcounts to the individual rules, and then using an array of pointers to them. While processing you grab a refcount to the array, and release it once done with the packet. If there is an addition or removal, you duplicate the array (which may be expensive for the large 20k rules mentioned), manipulate the copy and then atomically swap the pointers to the head. This might even work for dynamic rules as the lists (the content of each hash bucket) are typically short. cheers luigi