From owner-svn-src-head@FreeBSD.ORG Mon Jan 12 16:12:57 2015 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 902ADC66; Mon, 12 Jan 2015 16:12:57 +0000 (UTC) Received: from mail-wg0-x22f.google.com (mail-wg0-x22f.google.com [IPv6:2a00:1450:400c:c00::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 305B910E; Mon, 12 Jan 2015 16:12:57 +0000 (UTC) Received: by mail-wg0-f47.google.com with SMTP id n12so20210045wgh.6; Mon, 12 Jan 2015 08:12:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=J+JFSwdqmPLZGD1y9mA5XPyQsHrWZHnlYvFnw5gMNU8=; b=KcQx57JldfxKEDSqEf6A4zvxkEKkf5zo94OBgo+Sn5a3Fl9dbfxriUF1C8DX1vNTmA b/cbchytXsNK9y04Ab/rkZxIwi/xr6xyz0+9jIsSGabPqKwbTyLEyqFr2TNCNR7KxEZq b2qRbefVxDIW3hTuQ7iOi1+FD0tIDgRc7fh1eO8JQxD2PBdMrCVUPOM3ES//oG8Fu1ze LzT17jXu39FdSqf/xmAvdifrzdBV3ekgO+NP89PsNa+t/UtreHf+hlzBTHzk/3Hw46Ux nAKDPCzWl5ra33dXrPusfDbZbu0JgWEFgaCXKP4/pcmZiBAhjy5RujKW5srztR8yOER7 /ztA== MIME-Version: 1.0 X-Received: by 10.194.24.103 with SMTP id t7mr60548561wjf.15.1421079175497; Mon, 12 Jan 2015 08:12:55 -0800 (PST) Sender: adrian.chadd@gmail.com Received: by 10.216.41.136 with HTTP; Mon, 12 Jan 2015 08:12:55 -0800 (PST) In-Reply-To: <20150112160554.GA2190@zxy.spb.ru> References: <201501060903.t06934qp081875@svn.freebsd.org> <20150107204631.GG15484@FreeBSD.org> <20150108003146.GL15484@FreeBSD.org> <63857483-2879-4620-87EF-FE76197AB99B@lists.zabbadoz.net> <20150112144136.GM15484@FreeBSD.org> <20150112160554.GA2190@zxy.spb.ru> Date: Mon, 12 Jan 2015 08:12:55 -0800 X-Google-Sender-Auth: dQQ1iyPt-8tpZgSIqpLBkrBNVic Message-ID: Subject: Re: svn commit: r276747 - head/sys/netpfil/pf From: Adrian Chadd To: Slawa Olhovchenkov Content-Type: text/plain; charset=UTF-8 Cc: Craig Rodrigues , "src-committers@freebsd.org" , "svn-src-all@freebsd.org" , Nikos Vassiliadis , Gleb Smirnoff , "svn-src-head@freebsd.org" , "Bjoern A. Zeeb" X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Jan 2015 16:12:57 -0000 On 12 January 2015 at 08:05, Slawa Olhovchenkov wrote: > On Mon, Jan 12, 2015 at 05:41:36PM +0300, Gleb Smirnoff wrote: > >> On Thu, Jan 08, 2015 at 12:49:45AM +0000, Bjoern A. Zeeb wrote: >> B> > B> > AFAIU, from the PR there is some panic fixed. What is the actual bug >> B> > B> > and why couldn't it be fixed with having per-vnet thread? >> B> > B> >> B> > B> You don't 30000 whatever pf purging threads on a system all running, possibly competing for some resources, e.g., locks? >> B> > >> B> > Isn't a vnet, which is a jail, already a set of a dozen of processes? So, >> B> > if you are speaking of "30000 whatever pf purging threads", then you >> B> > already mean "1 mln whatever processes". >> B> >> B> jail/VNETs can exist without a single process attached. >> B> >> B> But I guess the point is that there is only so much work we can do at the same time and we should be very careful in what we try to parallellellellize as with 5 vnets it might be fine, with a couple of thousand you may keep a system busy with itself. >> >> Let's admit that thousand of vnets all running pf is bizarre design >> and has no practical application. > > Hosted firewall/NAT for ISP/Data centers. Then let's bite the bullet and setup some per-"something" (maybe CPU, maybe RSS, etc) global taskqueues to run cooperative multitasked bits like this on. This isn't the only thing that we'll want to have potentially tens of thousands of, but not have tens of thousands of worker threads. -adrian