Date: Fri, 11 Jun 2004 22:17:15 +0000 (UTC) From: "Christian S.J. Peron" <csjp@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/netinet ip_fw2.c Message-ID: <200406112217.i5BMHFfM064236@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
csjp 2004-06-11 22:17:15 UTC
FreeBSD src repository
Modified files:
sys/netinet ip_fw2.c
Log:
Modify ip fw so that whenever UID or GID constraints exist in a
ruleset, the pcb is looked up once per ipfw_chk() activation.
This is done by extracting the required information out of the PCB
and caching it to the ipfw_chk() stack. This should greatly reduce
PCB looking contention and speed up the processing of UID/GID based
firewall rules (especially with large UID/GID rulesets).
Some very basic benchmarks were taken which compares the number
of in_pcblookup_hash(9) activations to the number of firewall
rules containing UID/GID based contraints before and after this patch.
The results can be viewed here:
o http://people.freebsd.org/~csjp/ip_fw_pcb.png
Reviewed by: andre, luigi, rwatson
Approved by: bmilekic (mentor)
Revision Changes Path
1.62 +77 -30 src/sys/netinet/ip_fw2.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200406112217.i5BMHFfM064236>