From owner-freebsd-pf@FreeBSD.ORG  Sat Jun  8 14:11:40 2013
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id 5BCB446B
 for <freebsd-pf@freebsd.org>; Sat,  8 Jun 2013 14:11:40 +0000 (UTC)
 (envelope-from nvass@gmx.com)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18])
 by mx1.freebsd.org (Postfix) with ESMTP id 058351B26
 for <freebsd-pf@freebsd.org>; Sat,  8 Jun 2013 14:11:40 +0000 (UTC)
Received: from [192.168.44.130] ([80.237.234.148]) by mail.gmx.com (mrgmx101)
 with ESMTPSA (Nemesis) id 0MWwp6-1UqqCK03MK-00W0P9 for
 <freebsd-pf@freebsd.org>; Sat, 08 Jun 2013 16:11:36 +0200
Message-ID: <51B33B8B.9050006@gmx.com>
Date: Sat, 08 Jun 2013 16:11:23 +0200
From: Nikos Vassiliadis <nvass@gmx.com>
User-Agent: Mozilla/5.0 (X11; Linux i686;
 rv:17.0) Gecko/20130510 Thunderbird/17.0.6
MIME-Version: 1.0
To: freebsd-pf@freebsd.org
Subject: de-virtualize pf sysctls
Content-Type: multipart/mixed; boundary="------------090806000609060806010909"
X-Provags-ID: V03:K0:U4Rttue2ha4cYHfYqRORWPaOUuWA5S4DTnbkF76H00PmCmdlxBQ
 khFIhtW8rsrKWWQOQ+19f9gwkjrw6ArcQa45z8OqMURGvQD2MCI68l+lxrDwtVNLVQudMjj
 ihUca606mZvOHi4M0l3ENYxL1DNhBEuk9dZaWLBHAMeqbrfUck/+mD0h09SZc534VYvc5K7
 e/zIj3xxRht1N0+dvxV/Q==
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Jun 2013 14:11:40 -0000

This is a multi-part message in MIME format.
--------------090806000609060806010909
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hi,

Please review this patch. These two variables are RO-tunables and
cannot be changed at runtime. As such, it is not useful to
virtualize them.

Thanks,
Nikos

--------------090806000609060806010909
Content-Type: text/plain; charset=UTF-8;
 name="pf.patch.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="pf.patch.txt"

Index: sys/netpfil/pf/pf.c
===================================================================
--- sys/netpfil/pf/pf.c	(revision 251514)
+++ sys/netpfil/pf/pf.c	(working copy)
@@ -359,15 +359,13 @@ VNET_DEFINE(u_long, pf_srchashmask);
 
 SYSCTL_NODE(_net, OID_AUTO, pf, CTLFLAG_RW, 0, "pf(4)");
 
-VNET_DEFINE(u_long, pf_hashsize);
-#define	V_pf_hashsize	VNET(pf_hashsize)
-SYSCTL_VNET_UINT(_net_pf, OID_AUTO, states_hashsize, CTLFLAG_RDTUN,
-    &VNET_NAME(pf_hashsize), 0, "Size of pf(4) states hashtable");
+static u_long	pf_hashsize;
+static u_long	pf_srchashsize;
 
-VNET_DEFINE(u_long, pf_srchashsize);
-#define	V_pf_srchashsize	VNET(pf_srchashsize)
+SYSCTL_UINT(_net_pf, OID_AUTO, states_hashsize, CTLFLAG_RDTUN,
+    &pf_hashsize, 0, "Size of pf(4) states hashtable");
 SYSCTL_VNET_UINT(_net_pf, OID_AUTO, source_nodes_hashsize, CTLFLAG_RDTUN,
-    &VNET_NAME(pf_srchashsize), 0, "Size of pf(4) source nodes hashtable");
+    &pf_srchashsize, 0, "Size of pf(4) source nodes hashtable");
 
 VNET_DEFINE(void *, pf_swi_cookie);
 
@@ -698,12 +696,12 @@ pf_initialize()
 	struct pf_srchash	*sh;
 	u_int i;
 
-	TUNABLE_ULONG_FETCH("net.pf.states_hashsize", &V_pf_hashsize);
-	if (V_pf_hashsize == 0 || !powerof2(V_pf_hashsize))
-		V_pf_hashsize = PF_HASHSIZ;
-	TUNABLE_ULONG_FETCH("net.pf.source_nodes_hashsize", &V_pf_srchashsize);
-	if (V_pf_srchashsize == 0 || !powerof2(V_pf_srchashsize))
-		V_pf_srchashsize = PF_HASHSIZ / 4;
+	TUNABLE_ULONG_FETCH("net.pf.states_hashsize", &pf_hashsize);
+	if (pf_hashsize == 0 || !powerof2(pf_hashsize))
+		pf_hashsize = PF_HASHSIZ;
+	TUNABLE_ULONG_FETCH("net.pf.source_nodes_hashsize", &pf_srchashsize);
+	if (pf_srchashsize == 0 || !powerof2(pf_srchashsize))
+		pf_srchashsize = PF_HASHSIZ / 4;
 
 	V_pf_hashseed = arc4random();
 
@@ -717,11 +715,11 @@ pf_initialize()
 	V_pf_state_key_z = uma_zcreate("pf state keys",
 	    sizeof(struct pf_state_key), pf_state_key_ctor, NULL, NULL, NULL,
 	    UMA_ALIGN_PTR, 0);
-	V_pf_keyhash = malloc(V_pf_hashsize * sizeof(struct pf_keyhash),
+	V_pf_keyhash = malloc(pf_hashsize * sizeof(struct pf_keyhash),
 	    M_PFHASH, M_WAITOK | M_ZERO);
-	V_pf_idhash = malloc(V_pf_hashsize * sizeof(struct pf_idhash),
+	V_pf_idhash = malloc(pf_hashsize * sizeof(struct pf_idhash),
 	    M_PFHASH, M_WAITOK | M_ZERO);
-	V_pf_hashmask = V_pf_hashsize - 1;
+	V_pf_hashmask = pf_hashsize - 1;
 	for (i = 0, kh = V_pf_keyhash, ih = V_pf_idhash; i <= V_pf_hashmask;
 	    i++, kh++, ih++) {
 		mtx_init(&kh->lock, "pf_keyhash", NULL, MTX_DEF);
@@ -735,9 +733,9 @@ pf_initialize()
 	V_pf_limits[PF_LIMIT_SRC_NODES].zone = V_pf_sources_z;
 	uma_zone_set_max(V_pf_sources_z, PFSNODE_HIWAT);
 	uma_zone_set_warning(V_pf_sources_z, "PF source nodes limit reached");
-	V_pf_srchash = malloc(V_pf_srchashsize * sizeof(struct pf_srchash),
+	V_pf_srchash = malloc(pf_srchashsize * sizeof(struct pf_srchash),
 	  M_PFHASH, M_WAITOK|M_ZERO);
-	V_pf_srchashmask = V_pf_srchashsize - 1;
+	V_pf_srchashmask = pf_srchashsize - 1;
 	for (i = 0, sh = V_pf_srchash; i <= V_pf_srchashmask; i++, sh++)
 		mtx_init(&sh->lock, "pf_srchash", NULL, MTX_DEF);
 

--------------090806000609060806010909--