From: Gleb Smirnoff
Date: Mon, 12 Jan 2015 17:41:36 +0300
To: "Bjoern A. Zeeb"
Cc: Craig Rodrigues, svn-src-head@freebsd.org, svn-src-all@freebsd.org, Nikos Vassiliadis, src-committers@freebsd.org
Subject: Re: svn commit: r276747 - head/sys/netpfil/pf
Message-ID: <20150112144136.GM15484@FreeBSD.org>

On Thu, Jan 08, 2015 at 12:49:45AM +0000, Bjoern A. Zeeb wrote:
B> > B> > AFAIU, from the PR there is some panic fixed. What is the actual bug
B> > B> > and why couldn't it be fixed with having per-vnet thread?
B> > B>
B> > B> You don't 30000 whatever pf purging threads on a system all running, possibly competing for some resources, e.g., locks?
B> >
B> > Isn't a vnet, which is a jail, already a set of a dozen of processes? So,
B> > if you are speaking of "30000 whatever pf purging threads", then you
B> > already mean "1 mln whatever processes".
B>
B> jail/VNETs can exist without a single process attached.
B>
B> But I guess the point is that there is only so much work we can do at the same time and we should be very careful in what we try to parallellellellize as with 5 vnets it might be fine, with a couple of thousand you may keep a system busy with itself.

Let's admit that thousands of vnets all running pf is a bizarre design and has no practical application.

B> > Speaking of pf purging threads competing for resources. If someone wants
B> > really independent pfs in vnets, then locks should be virtualized as well.
B>
B> No please don't. The only places where we "virtualise" locks for VNETs is part of data structures which are vnet specific (virtualised).

And the pf state tables (the data the purge threads work on) of course are vnet specific (virtualised).

--
Totus tuus, Glebius.