Date: Fri, 27 Aug 2004 19:05:00 +0200 From: Andre Oppermann <andre@freebsd.org> To: Max Laier <max@love2party.net> Cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/share/man/man4 ipfirewall.4 src/share/man/man9 pfil.9 src/sys/alpha/conf GENERIC src/sys/amd64/conf GENERIC src/sys/conf NOTES files options src/sys/i386/conf GENERIC src/sys/ia64/conf GENERIC SKI src/sys/modules/bridge Makefile ... Message-ID: <412F69BC.51FDDA2E@freebsd.org> References: <200408271516.i7RFGO8L061926@repoman.freebsd.org> <200408271812.18748.max@love2party.net> <412F6108.8C380C17@freebsd.org> <200408271834.24506.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Max Laier wrote: > > On Friday 27 August 2004 18:27, Andre Oppermann wrote: > > Max Laier wrote: > > > On Friday 27 August 2004 17:16, Andre Oppermann wrote: > > > > andre 2004-08-27 15:16:24 UTC > > > > > > > > FreeBSD src repository > > > > > > > > Modified files: > > > > share/man/man4 ipfirewall.4 > > > > share/man/man9 pfil.9 > > > > sys/alpha/conf GENERIC > > > > sys/amd64/conf GENERIC > > > > sys/conf NOTES files options > > > > sys/i386/conf GENERIC > > > > sys/ia64/conf GENERIC SKI > > > > sys/modules/bridge Makefile > > > > sys/net bridge.c > > > > sys/netinet ip_fastfwd.c ip_fw_pfil.c ip_input.c > > > > ip_output.c ip_var.h > > > > sys/netinet6 ip6_forward.c ip6_input.c ip6_output.c > > > > ip6_var.h > > > > sys/pc98/conf GENERIC > > > > sys/powerpc/conf GENERIC > > > > sys/sparc64/conf GENERIC > > > > . UPDATING > > > > Log: > > > > Always compile PFIL_HOOKS into the kernel and remove the associated > > > > kernel compile option. All FreeBSD packet filters now use the > > > > PFIL_HOOKS API and thus it becomes a standard part of the network > > > > stack. > > > > > > > > If no hooks are connected the entire packet filter hooks section and > > > > related activities are jumped over. This removes any performance > > > > impact if no hooks are active. > > > > > > Great!!! > > > > > > Maybe we should hide: > > > if (inet_pfil_hook.ph_busy_count == -1) > > > behind a macro in case we modify the locking for pfil_hooks in the > > > future. I am thinking of something like: > > > if (PFIL_IS_EMPTY(&inet_pfil_hook)) > > > > Checking for (inet_pfil_hook.ph_busy_count == -1) is the official to see if > > there are any hooks connected. I don't think we need to abstract this in a > > macro. > > Well, having written the locking there I can tell you that ph_busy_count is > really an *internal* value of the locking and should not be used directly. At > least as long as we want to be able to change the locking at a later point. > > Right now pfil uses a handrolled sleep lock (as the default sx(9) lock is not > very suitable or fast) but this might change in the future. Using > ph_busy_count globaly will make that change more difficult. > > Moreover, I find PFIL_IS_EMPTY much easier to understand. Ok, you convinced me. I'm going to make it macro called PFIL_IS_HOOKED. This seems to be a little bit more descriptive than IS_EMPTY. IS_EMPTY is easy to confuse with some kind of packet queue or so (which PFIL_HOOKS isn't). -- Andre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?412F69BC.51FDDA2E>