From owner-freebsd-pf@FreeBSD.ORG Fri Sep 24 04:44:50 2004 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A381F16A4CE; Fri, 24 Sep 2004 04:44:50 +0000 (GMT) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.189]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2DC8F43D2F; Fri, 24 Sep 2004 04:44:50 +0000 (GMT) (envelope-from max@love2party.net) Received: from [212.227.126.162] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1CAhwv-0007k7-00; Fri, 24 Sep 2004 06:44:49 +0200 Received: from [84.128.131.163] (helo=donor.laier.local) by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128) (Exim 3.35 #1) id 1CAhwv-0000Ar-00; Fri, 24 Sep 2004 06:44:49 +0200 From: Max Laier Date: Fri, 24 Sep 2004 06:43:46 +0200 User-Agent: KMail/1.7 To: freebsd-pf@freebsd.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2904552.CWkPNmFImX"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200409240643.53160.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:61c499deaeeba3ba5be80f48ecc83056 cc: csjp@freebsd.org Subject: Looking for brave testers ... X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Sep 2004 04:44:50 -0000 --nextPart2904552.CWkPNmFImX Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Hi all, I am looking for brave women and men to test the unexplored depth of a shared lock for pf. This will allow to have "even more parallelism" in the network code. As a small benefit you also get rid of a LOR that is suspected to cause deadlocks. So what must be tested? http://people.freebsd.org/~mlaier/MEGA_DIFF_WITH_IPFW_AND_PF_SHARED_LOCK.diff That monster of a patch is a joint work of Christian S.J. Peron (csjp@) and myself. It modifies pfil_hooks to pass a struct inpcb. This is used to forward the *inp - that is handed to ip_output() for local sends - to the pfil consumers. This avoids a lookup and a LOR (caused by the lookup). It also changes IPFW and PF to use a shared/exclusive lock for the "rules". This allows more than one packet in the ruleset evaluation at a time ... How to test: 1) Get the patch, apply and install a kernel with it. Note that this breaks ABI for pfctl and friends. So make sure you rebuild and -install pfctl(8) at least. 2) Run the patched kernel on: - SMP hardware (p4 HT is fine) - with debug.mpsafenet=1 - with MPSAFE NICs - with a bunch of user/group rules. This is very, very ... very raw yet! IPFW is not ready in this version. Christian will post a version on freebsd-ipfw@, I guess. Nontheless, please test the pf part and give me feedback. I have it running fine on my router/gateway with ftp-proxy etc. ... so it can't be too bad. If you crash please try to get as much information as possible. Make sure you have WITNESS in the kernel. THANKS IN ADVANCE! -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart2904552.CWkPNmFImX Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQBBU6YJXyyEoT62BG0RAnurAJ9VoNb+k35sB3pmcx/GRt+2ogl3rQCeMDCU Lh04e5ihVoc8W+mCmqdskKY= =eKBX -----END PGP SIGNATURE----- --nextPart2904552.CWkPNmFImX--