From owner-svn-src-projects@FreeBSD.ORG Mon Jun 4 13:41:23 2012 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 27FE1106566C; Mon, 4 Jun 2012 13:41:23 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 128FE8FC19; Mon, 4 Jun 2012 13:41:23 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q54DfM9r044250; Mon, 4 Jun 2012 13:41:22 GMT (envelope-from glebius@svn.freebsd.org) Received: (from glebius@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q54DfMxR044243; Mon, 4 Jun 2012 13:41:22 GMT (envelope-from glebius@svn.freebsd.org) Message-Id: <201206041341.q54DfMxR044243@svn.freebsd.org> From: Gleb Smirnoff Date: Mon, 4 Jun 2012 13:41:22 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r236561 - in projects/pf/head: contrib/pf/man contrib/pf/pfctl sys/contrib/pf/net X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Jun 2012 13:41:23 -0000 Author: glebius Date: Mon Jun 4 13:41:22 2012 New Revision: 236561 URL: http://svn.freebsd.org/changeset/base/236561 Log: - Remove table zone and assiciated limit, tables are created only when user configures pf(4), no reason for separate zone and limit. - Catch up with r236364 to head: initialize kcounters zone. - Make kentry and kcounters zone private to pf_table.c Modified: projects/pf/head/contrib/pf/man/pf.4 projects/pf/head/contrib/pf/pfctl/pfctl.c projects/pf/head/sys/contrib/pf/net/pf.c projects/pf/head/sys/contrib/pf/net/pf_ioctl.c projects/pf/head/sys/contrib/pf/net/pf_table.c projects/pf/head/sys/contrib/pf/net/pfvar.h Modified: projects/pf/head/contrib/pf/man/pf.4 ============================================================================== --- projects/pf/head/contrib/pf/man/pf.4 Mon Jun 4 12:49:21 2012 (r236560) +++ projects/pf/head/contrib/pf/man/pf.4 Mon Jun 4 13:41:22 2012 (r236561) @@ -28,7 +28,7 @@ .\" .\" $FreeBSD$ .\" -.Dd May 29 2012 +.Dd June 4 2012 .Dt PF 4 .Os .Sh NAME @@ -492,7 +492,7 @@ struct pfioc_limit { }; enum { PF_LIMIT_STATES, PF_LIMIT_SRC_NODES, PF_LIMIT_FRAGS, - PF_LIMIT_TABLES, PF_LIMIT_TABLE_ENTRIES, PF_LIMIT_MAX }; + PF_LIMIT_TABLE_ENTRIES, PF_LIMIT_MAX }; .Ed .It Dv DIOCGETLIMIT Fa "struct pfioc_limit *pl" Get the hard Modified: projects/pf/head/contrib/pf/pfctl/pfctl.c ============================================================================== --- projects/pf/head/contrib/pf/pfctl/pfctl.c Mon Jun 4 12:49:21 2012 (r236560) +++ projects/pf/head/contrib/pf/pfctl/pfctl.c Mon Jun 4 13:41:22 2012 (r236561) @@ -144,7 +144,6 @@ static const struct { { "states", PF_LIMIT_STATES }, { "src-nodes", PF_LIMIT_SRC_NODES }, { "frags", PF_LIMIT_FRAGS }, - { "tables", PF_LIMIT_TABLES }, { "table-entries", PF_LIMIT_TABLE_ENTRIES }, { NULL, 0 } }; @@ -1581,7 +1580,6 @@ pfctl_init_options(struct pfctl *pf) pf->limit[PF_LIMIT_STATES] = PFSTATE_HIWAT; pf->limit[PF_LIMIT_FRAGS] = PFFRAG_FRENT_HIWAT; pf->limit[PF_LIMIT_SRC_NODES] = PFSNODE_HIWAT; - pf->limit[PF_LIMIT_TABLES] = PFR_KTABLE_HIWAT; pf->limit[PF_LIMIT_TABLE_ENTRIES] = PFR_KENTRY_HIWAT; mib[0] = CTL_HW; Modified: projects/pf/head/sys/contrib/pf/net/pf.c ============================================================================== --- projects/pf/head/sys/contrib/pf/net/pf.c Mon Jun 4 12:49:21 2012 (r236560) +++ projects/pf/head/sys/contrib/pf/net/pf.c Mon Jun 4 13:41:22 2012 (r236561) @@ -714,16 +714,6 @@ pf_initialize() /* Unlinked, but may be referenced rules. */ TAILQ_INIT(&V_pf_unlinked_rules); mtx_init(&pf_unlnkdrules_mtx, "pf unlinked rules", NULL, MTX_DEF); - - /* XXXGL: sort this out */ - V_pfr_ktable_z = uma_zcreate("pf tables", - sizeof(struct pfr_ktable), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, - 0); - V_pf_limits[PF_LIMIT_TABLES].zone = V_pfr_ktable_z; - V_pfr_kentry_z = uma_zcreate("pf table entries", - sizeof(struct pfr_kentry), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, - 0); - V_pf_limits[PF_LIMIT_TABLE_ENTRIES].zone = V_pfr_kentry_z; } void @@ -765,8 +755,6 @@ pf_cleanup() uma_zdestroy(V_pf_sources_z); uma_zdestroy(V_pf_state_z); uma_zdestroy(V_pf_state_key_z); - uma_zdestroy(V_pfr_ktable_z); - uma_zdestroy(V_pfr_kentry_z); } static int Modified: projects/pf/head/sys/contrib/pf/net/pf_ioctl.c ============================================================================== --- projects/pf/head/sys/contrib/pf/net/pf_ioctl.c Mon Jun 4 12:49:21 2012 (r236560) +++ projects/pf/head/sys/contrib/pf/net/pf_ioctl.c Mon Jun 4 13:41:22 2012 (r236561) @@ -250,14 +250,12 @@ pfattach(void) int error; pf_initialize(); + pfr_initialize(); pfi_initialize(); pf_normalize_init(); V_pf_limits[PF_LIMIT_STATES].limit = PFSTATE_HIWAT; V_pf_limits[PF_LIMIT_SRC_NODES].limit = PFSNODE_HIWAT; - V_pf_limits[PF_LIMIT_TABLES].limit = PFR_KTABLE_HIWAT; - V_pf_limits[PF_LIMIT_TABLE_ENTRIES].zone = V_pfr_kentry_z; - V_pf_limits[PF_LIMIT_TABLE_ENTRIES].limit = PFR_KENTRY_HIWAT; RB_INIT(&V_pf_anchors); pf_init_ruleset(&pf_main_ruleset); @@ -3782,6 +3780,7 @@ pf_unload(void) } pf_normalize_cleanup(); pfi_cleanup(); + pfr_cleanup(); pf_osfp_flush(); pf_cleanup(); PF_RULES_WUNLOCK(); Modified: projects/pf/head/sys/contrib/pf/net/pf_table.c ============================================================================== --- projects/pf/head/sys/contrib/pf/net/pf_table.c Mon Jun 4 12:49:21 2012 (r236560) +++ projects/pf/head/sys/contrib/pf/net/pf_table.c Mon Jun 4 13:41:22 2012 (r236561) @@ -118,10 +118,11 @@ struct pfr_walktree { #define senderr(e) do { rv = (e); goto _bad; } while (0) -VNET_DEFINE(uma_zone_t, pfr_ktable_z); -VNET_DEFINE(uma_zone_t, pfr_kentry_z); -VNET_DEFINE(uma_zone_t, pfr_kcounters_z); -#define V_pfr_kcounters_z VNET(pfr_kcounters_z) +static MALLOC_DEFINE(M_PFTABLE, "pf(4) table", "pf(4) tables structures"); +static VNET_DEFINE(uma_zone_t, pfr_kentry_z); +#define V_pfr_kentry_z VNET(pfr_kentry_z) +static VNET_DEFINE(uma_zone_t, pfr_kcounters_z); +#define V_pfr_kcounters_z VNET(pfr_kcounters_z) static struct pf_addr pfr_ffaddr = { .addr32 = { 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff } @@ -185,6 +186,28 @@ struct pfr_ktablehead pfr_ktables; struct pfr_table pfr_nulltable; int pfr_ktable_cnt; +void +pfr_initialize(void) +{ + + V_pfr_kentry_z = uma_zcreate("pf table entries", + sizeof(struct pfr_kentry), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, + 0); + V_pfr_kcounters_z = uma_zcreate("pf table counters", + sizeof(struct pfr_kcounters), NULL, NULL, NULL, NULL, + UMA_ALIGN_PTR, 0); + V_pf_limits[PF_LIMIT_TABLE_ENTRIES].zone = V_pfr_kentry_z; + V_pf_limits[PF_LIMIT_TABLE_ENTRIES].limit = PFR_KENTRY_HIWAT; +} + +void +pfr_cleanup(void) +{ + + uma_zdestroy(V_pfr_kentry_z); + uma_zdestroy(V_pfr_kcounters_z); +} + int pfr_clr_addrs(struct pfr_table *tbl, int *ndel, int flags) { @@ -1776,7 +1799,7 @@ pfr_create_ktable(struct pfr_table *tbl, PF_RULES_WASSERT(); - kt = uma_zalloc(V_pfr_ktable_z, M_NOWAIT|M_ZERO); + kt = malloc(sizeof(*kt), M_PFTABLE, M_NOWAIT|M_ZERO); if (kt == NULL) return (NULL); kt->pfrkt_t = *tbl; @@ -1838,7 +1861,7 @@ pfr_destroy_ktable(struct pfr_ktable *kt kt->pfrkt_rs->tables--; pf_remove_if_empty_ruleset(kt->pfrkt_rs); } - uma_zfree(V_pfr_ktable_z, kt); + free(kt, M_PFTABLE); } static int Modified: projects/pf/head/sys/contrib/pf/net/pfvar.h ============================================================================== --- projects/pf/head/sys/contrib/pf/net/pfvar.h Mon Jun 4 12:49:21 2012 (r236560) +++ projects/pf/head/sys/contrib/pf/net/pfvar.h Mon Jun 4 13:41:22 2012 (r236561) @@ -113,7 +113,7 @@ enum { PFTM_TCP_FIRST_PACKET, PFTM_TCP_O enum { PF_NOPFROUTE, PF_FASTROUTE, PF_ROUTETO, PF_DUPTO, PF_REPLYTO }; enum { PF_LIMIT_STATES, PF_LIMIT_SRC_NODES, PF_LIMIT_FRAGS, - PF_LIMIT_TABLES, PF_LIMIT_TABLE_ENTRIES, PF_LIMIT_MAX }; + PF_LIMIT_TABLE_ENTRIES, PF_LIMIT_MAX }; #define PF_POOL_IDMASK 0x0f enum { PF_POOL_NONE, PF_POOL_BITMASK, PF_POOL_RANDOM, PF_POOL_SRCHASH, PF_POOL_ROUNDROBIN }; @@ -1412,7 +1412,6 @@ struct pf_divert { #define PFFRAG_FRCENT_HIWAT 50000 /* Number of fragment cache entries */ #define PFFRAG_FRCACHE_HIWAT 10000 /* Number of fragment descriptors */ -#define PFR_KTABLE_HIWAT 1000 /* Number of tables */ #define PFR_KENTRY_HIWAT 200000 /* Number of table entries */ #define PFR_KENTRY_HIWAT_SMALL 100000 /* Number of table entries (tiny hosts) */ @@ -1732,10 +1731,6 @@ VNET_DECLARE(uma_zone_t, pf_state_z); #define V_pf_state_z VNET(pf_state_z) VNET_DECLARE(uma_zone_t, pf_state_key_z); #define V_pf_state_key_z VNET(pf_state_key_z) -VNET_DECLARE(uma_zone_t, pfr_ktable_z); -#define V_pfr_ktable_z VNET(pfr_ktable_z) -VNET_DECLARE(uma_zone_t, pfr_kentry_z); -#define V_pfr_kentry_z VNET(pfr_kentry_z) VNET_DECLARE(uma_zone_t, pf_state_scrub_z); #define V_pf_state_scrub_z VNET(pf_state_scrub_z) @@ -1852,6 +1847,8 @@ int pf_routable(struct pf_addr *addr, sa int); int pf_socket_lookup(int, struct pf_pdesc *); struct pf_state_key *pf_alloc_state_key(int); +void pfr_initialize(void); +void pfr_cleanup(void); int pfr_match_addr(struct pfr_ktable *, struct pf_addr *, sa_family_t); void pfr_update_stats(struct pfr_ktable *, struct pf_addr *, sa_family_t, u_int64_t, int, int, int);