Date: Mon, 4 Jun 2012 13:41:22 +0000 (UTC) From: Gleb Smirnoff <glebius@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r236561 - in projects/pf/head: contrib/pf/man contrib/pf/pfctl sys/contrib/pf/net Message-ID: <201206041341.q54DfMxR044243@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: glebius Date: Mon Jun 4 13:41:22 2012 New Revision: 236561 URL: http://svn.freebsd.org/changeset/base/236561 Log: - Remove table zone and assiciated limit, tables are created only when user configures pf(4), no reason for separate zone and limit. - Catch up with r236364 to head: initialize kcounters zone. - Make kentry and kcounters zone private to pf_table.c Modified: projects/pf/head/contrib/pf/man/pf.4 projects/pf/head/contrib/pf/pfctl/pfctl.c projects/pf/head/sys/contrib/pf/net/pf.c projects/pf/head/sys/contrib/pf/net/pf_ioctl.c projects/pf/head/sys/contrib/pf/net/pf_table.c projects/pf/head/sys/contrib/pf/net/pfvar.h Modified: projects/pf/head/contrib/pf/man/pf.4 ============================================================================== --- projects/pf/head/contrib/pf/man/pf.4 Mon Jun 4 12:49:21 2012 (r236560) +++ projects/pf/head/contrib/pf/man/pf.4 Mon Jun 4 13:41:22 2012 (r236561) @@ -28,7 +28,7 @@ .\" .\" $FreeBSD$ .\" -.Dd May 29 2012 +.Dd June 4 2012 .Dt PF 4 .Os .Sh NAME @@ -492,7 +492,7 @@ struct pfioc_limit { }; enum { PF_LIMIT_STATES, PF_LIMIT_SRC_NODES, PF_LIMIT_FRAGS, - PF_LIMIT_TABLES, PF_LIMIT_TABLE_ENTRIES, PF_LIMIT_MAX }; + PF_LIMIT_TABLE_ENTRIES, PF_LIMIT_MAX }; .Ed .It Dv DIOCGETLIMIT Fa "struct pfioc_limit *pl" Get the hard Modified: projects/pf/head/contrib/pf/pfctl/pfctl.c ============================================================================== --- projects/pf/head/contrib/pf/pfctl/pfctl.c Mon Jun 4 12:49:21 2012 (r236560) +++ projects/pf/head/contrib/pf/pfctl/pfctl.c Mon Jun 4 13:41:22 2012 (r236561) @@ -144,7 +144,6 @@ static const struct { { "states", PF_LIMIT_STATES }, { "src-nodes", PF_LIMIT_SRC_NODES }, { "frags", PF_LIMIT_FRAGS }, - { "tables", PF_LIMIT_TABLES }, { "table-entries", PF_LIMIT_TABLE_ENTRIES }, { NULL, 0 } }; @@ -1581,7 +1580,6 @@ pfctl_init_options(struct pfctl *pf) pf->limit[PF_LIMIT_STATES] = PFSTATE_HIWAT; pf->limit[PF_LIMIT_FRAGS] = PFFRAG_FRENT_HIWAT; pf->limit[PF_LIMIT_SRC_NODES] = PFSNODE_HIWAT; - pf->limit[PF_LIMIT_TABLES] = PFR_KTABLE_HIWAT; pf->limit[PF_LIMIT_TABLE_ENTRIES] = PFR_KENTRY_HIWAT; mib[0] = CTL_HW; Modified: projects/pf/head/sys/contrib/pf/net/pf.c ============================================================================== --- projects/pf/head/sys/contrib/pf/net/pf.c Mon Jun 4 12:49:21 2012 (r236560) +++ projects/pf/head/sys/contrib/pf/net/pf.c Mon Jun 4 13:41:22 2012 (r236561) @@ -714,16 +714,6 @@ pf_initialize() /* Unlinked, but may be referenced rules. */ TAILQ_INIT(&V_pf_unlinked_rules); mtx_init(&pf_unlnkdrules_mtx, "pf unlinked rules", NULL, MTX_DEF); - - /* XXXGL: sort this out */ - V_pfr_ktable_z = uma_zcreate("pf tables", - sizeof(struct pfr_ktable), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, - 0); - V_pf_limits[PF_LIMIT_TABLES].zone = V_pfr_ktable_z; - V_pfr_kentry_z = uma_zcreate("pf table entries", - sizeof(struct pfr_kentry), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, - 0); - V_pf_limits[PF_LIMIT_TABLE_ENTRIES].zone = V_pfr_kentry_z; } void @@ -765,8 +755,6 @@ pf_cleanup() uma_zdestroy(V_pf_sources_z); uma_zdestroy(V_pf_state_z); uma_zdestroy(V_pf_state_key_z); - uma_zdestroy(V_pfr_ktable_z); - uma_zdestroy(V_pfr_kentry_z); } static int Modified: projects/pf/head/sys/contrib/pf/net/pf_ioctl.c ============================================================================== --- projects/pf/head/sys/contrib/pf/net/pf_ioctl.c Mon Jun 4 12:49:21 2012 (r236560) +++ projects/pf/head/sys/contrib/pf/net/pf_ioctl.c Mon Jun 4 13:41:22 2012 (r236561) @@ -250,14 +250,12 @@ pfattach(void) int error; pf_initialize(); + pfr_initialize(); pfi_initialize(); pf_normalize_init(); V_pf_limits[PF_LIMIT_STATES].limit = PFSTATE_HIWAT; V_pf_limits[PF_LIMIT_SRC_NODES].limit = PFSNODE_HIWAT; - V_pf_limits[PF_LIMIT_TABLES].limit = PFR_KTABLE_HIWAT; - V_pf_limits[PF_LIMIT_TABLE_ENTRIES].zone = V_pfr_kentry_z; - V_pf_limits[PF_LIMIT_TABLE_ENTRIES].limit = PFR_KENTRY_HIWAT; RB_INIT(&V_pf_anchors); pf_init_ruleset(&pf_main_ruleset); @@ -3782,6 +3780,7 @@ pf_unload(void) } pf_normalize_cleanup(); pfi_cleanup(); + pfr_cleanup(); pf_osfp_flush(); pf_cleanup(); PF_RULES_WUNLOCK(); Modified: projects/pf/head/sys/contrib/pf/net/pf_table.c ============================================================================== --- projects/pf/head/sys/contrib/pf/net/pf_table.c Mon Jun 4 12:49:21 2012 (r236560) +++ projects/pf/head/sys/contrib/pf/net/pf_table.c Mon Jun 4 13:41:22 2012 (r236561) @@ -118,10 +118,11 @@ struct pfr_walktree { #define senderr(e) do { rv = (e); goto _bad; } while (0) -VNET_DEFINE(uma_zone_t, pfr_ktable_z); -VNET_DEFINE(uma_zone_t, pfr_kentry_z); -VNET_DEFINE(uma_zone_t, pfr_kcounters_z); -#define V_pfr_kcounters_z VNET(pfr_kcounters_z) +static MALLOC_DEFINE(M_PFTABLE, "pf(4) table", "pf(4) tables structures"); +static VNET_DEFINE(uma_zone_t, pfr_kentry_z); +#define V_pfr_kentry_z VNET(pfr_kentry_z) +static VNET_DEFINE(uma_zone_t, pfr_kcounters_z); +#define V_pfr_kcounters_z VNET(pfr_kcounters_z) static struct pf_addr pfr_ffaddr = { .addr32 = { 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff } @@ -185,6 +186,28 @@ struct pfr_ktablehead pfr_ktables; struct pfr_table pfr_nulltable; int pfr_ktable_cnt; +void +pfr_initialize(void) +{ + + V_pfr_kentry_z = uma_zcreate("pf table entries", + sizeof(struct pfr_kentry), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, + 0); + V_pfr_kcounters_z = uma_zcreate("pf table counters", + sizeof(struct pfr_kcounters), NULL, NULL, NULL, NULL, + UMA_ALIGN_PTR, 0); + V_pf_limits[PF_LIMIT_TABLE_ENTRIES].zone = V_pfr_kentry_z; + V_pf_limits[PF_LIMIT_TABLE_ENTRIES].limit = PFR_KENTRY_HIWAT; +} + +void +pfr_cleanup(void) +{ + + uma_zdestroy(V_pfr_kentry_z); + uma_zdestroy(V_pfr_kcounters_z); +} + int pfr_clr_addrs(struct pfr_table *tbl, int *ndel, int flags) { @@ -1776,7 +1799,7 @@ pfr_create_ktable(struct pfr_table *tbl, PF_RULES_WASSERT(); - kt = uma_zalloc(V_pfr_ktable_z, M_NOWAIT|M_ZERO); + kt = malloc(sizeof(*kt), M_PFTABLE, M_NOWAIT|M_ZERO); if (kt == NULL) return (NULL); kt->pfrkt_t = *tbl; @@ -1838,7 +1861,7 @@ pfr_destroy_ktable(struct pfr_ktable *kt kt->pfrkt_rs->tables--; pf_remove_if_empty_ruleset(kt->pfrkt_rs); } - uma_zfree(V_pfr_ktable_z, kt); + free(kt, M_PFTABLE); } static int Modified: projects/pf/head/sys/contrib/pf/net/pfvar.h ============================================================================== --- projects/pf/head/sys/contrib/pf/net/pfvar.h Mon Jun 4 12:49:21 2012 (r236560) +++ projects/pf/head/sys/contrib/pf/net/pfvar.h Mon Jun 4 13:41:22 2012 (r236561) @@ -113,7 +113,7 @@ enum { PFTM_TCP_FIRST_PACKET, PFTM_TCP_O enum { PF_NOPFROUTE, PF_FASTROUTE, PF_ROUTETO, PF_DUPTO, PF_REPLYTO }; enum { PF_LIMIT_STATES, PF_LIMIT_SRC_NODES, PF_LIMIT_FRAGS, - PF_LIMIT_TABLES, PF_LIMIT_TABLE_ENTRIES, PF_LIMIT_MAX }; + PF_LIMIT_TABLE_ENTRIES, PF_LIMIT_MAX }; #define PF_POOL_IDMASK 0x0f enum { PF_POOL_NONE, PF_POOL_BITMASK, PF_POOL_RANDOM, PF_POOL_SRCHASH, PF_POOL_ROUNDROBIN }; @@ -1412,7 +1412,6 @@ struct pf_divert { #define PFFRAG_FRCENT_HIWAT 50000 /* Number of fragment cache entries */ #define PFFRAG_FRCACHE_HIWAT 10000 /* Number of fragment descriptors */ -#define PFR_KTABLE_HIWAT 1000 /* Number of tables */ #define PFR_KENTRY_HIWAT 200000 /* Number of table entries */ #define PFR_KENTRY_HIWAT_SMALL 100000 /* Number of table entries (tiny hosts) */ @@ -1732,10 +1731,6 @@ VNET_DECLARE(uma_zone_t, pf_state_z); #define V_pf_state_z VNET(pf_state_z) VNET_DECLARE(uma_zone_t, pf_state_key_z); #define V_pf_state_key_z VNET(pf_state_key_z) -VNET_DECLARE(uma_zone_t, pfr_ktable_z); -#define V_pfr_ktable_z VNET(pfr_ktable_z) -VNET_DECLARE(uma_zone_t, pfr_kentry_z); -#define V_pfr_kentry_z VNET(pfr_kentry_z) VNET_DECLARE(uma_zone_t, pf_state_scrub_z); #define V_pf_state_scrub_z VNET(pf_state_scrub_z) @@ -1852,6 +1847,8 @@ int pf_routable(struct pf_addr *addr, sa int); int pf_socket_lookup(int, struct pf_pdesc *); struct pf_state_key *pf_alloc_state_key(int); +void pfr_initialize(void); +void pfr_cleanup(void); int pfr_match_addr(struct pfr_ktable *, struct pf_addr *, sa_family_t); void pfr_update_stats(struct pfr_ktable *, struct pf_addr *, sa_family_t, u_int64_t, int, int, int);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201206041341.q54DfMxR044243>