From owner-svn-src-head@FreeBSD.ORG Mon Apr 27 17:37:36 2009 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EA56B1065676; Mon, 27 Apr 2009 17:37:36 +0000 (UTC) (envelope-from oleg@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id BDD4A8FC19; Mon, 27 Apr 2009 17:37:36 +0000 (UTC) (envelope-from oleg@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n3RHba9G021375; Mon, 27 Apr 2009 17:37:36 GMT (envelope-from oleg@svn.freebsd.org) Received: (from oleg@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id n3RHbaLL021373; Mon, 27 Apr 2009 17:37:36 GMT (envelope-from oleg@svn.freebsd.org) Message-Id: <200904271737.n3RHbaLL021373@svn.freebsd.org> From: Oleg Bulyzhin Date: Mon, 27 Apr 2009 17:37:36 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r191570 - head/sys/netinet X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Apr 2009 17:37:37 -0000 Author: oleg Date: Mon Apr 27 17:37:36 2009 New Revision: 191570 URL: http://svn.freebsd.org/changeset/base/191570 Log: Optimize packet flow: if net.inet.ip.fw.one_pass != 0 and packet was processed by ipfw once - avoid second ipfw_chk() call. This saves us from unnecessary IPFW_RLOCK(), m_tag_find() calls and ip/tcp/udp header parsing. MFC after: 2 month Modified: head/sys/netinet/ip_fw2.c head/sys/netinet/ip_fw_pfil.c Modified: head/sys/netinet/ip_fw2.c ============================================================================== --- head/sys/netinet/ip_fw2.c Mon Apr 27 17:36:41 2009 (r191569) +++ head/sys/netinet/ip_fw2.c Mon Apr 27 17:37:36 2009 (r191570) @@ -2515,16 +2515,7 @@ do { \ /* * Packet has already been tagged. Look for the next rule * to restart processing. - * - * If fw_one_pass != 0 then just accept it. - * XXX should not happen here, but optimized out in - * the caller. */ - if (V_fw_one_pass) { - IPFW_RUNLOCK(chain); - return (IP_FW_PASS); - } - f = args->rule->next_rule; if (f == NULL) f = lookup_next_rule(args->rule, 0); Modified: head/sys/netinet/ip_fw_pfil.c ============================================================================== --- head/sys/netinet/ip_fw_pfil.c Mon Apr 27 17:36:41 2009 (r191569) +++ head/sys/netinet/ip_fw_pfil.c Mon Apr 27 17:37:36 2009 (r191570) @@ -51,7 +51,6 @@ __FBSDID("$FreeBSD$"); #include #include -#define _NET_IF_VAR_H_ /* we don't want if_var.h, only if.h */ #include #include #include @@ -63,6 +62,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include @@ -131,10 +131,14 @@ again: args.m = *m0; args.inp = inp; - ipfw = ipfw_chk(&args); - *m0 = args.m; tee = 0; + if (V_fw_one_pass == 0 || args.rule == NULL) { + ipfw = ipfw_chk(&args); + *m0 = args.m; + } else + ipfw = IP_FW_PASS; + KASSERT(*m0 != NULL || ipfw == IP_FW_DENY, ("%s: m0 is NULL", __func__)); @@ -257,10 +261,14 @@ again: args.m = *m0; args.oif = ifp; args.inp = inp; - ipfw = ipfw_chk(&args); - *m0 = args.m; tee = 0; + if (V_fw_one_pass == 0 || args.rule == NULL) { + ipfw = ipfw_chk(&args); + *m0 = args.m; + } else + ipfw = IP_FW_PASS; + KASSERT(*m0 != NULL || ipfw == IP_FW_DENY, ("%s: m0 is NULL", __func__));