From owner-cvs-src@FreeBSD.ORG Tue Oct 19 21:58:07 2004 Return-Path: Delivered-To: cvs-src@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6D1FA16A4CF for ; Tue, 19 Oct 2004 21:58:07 +0000 (GMT) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8DC9643D39 for ; Tue, 19 Oct 2004 21:58:06 +0000 (GMT) (envelope-from andre@freebsd.org) Received: (qmail 62421 invoked from network); 19 Oct 2004 21:57:02 -0000 Received: from unknown (HELO freebsd.org) ([62.48.0.53]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 19 Oct 2004 21:57:02 -0000 Message-ID: <41758DF2.D3C1BD26@freebsd.org> Date: Tue, 19 Oct 2004 23:58:10 +0200 From: Andre Oppermann X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Scott Long References: <200410192114.i9JLEvjQ001574@repoman.freebsd.org> <41758BF6.5020909@freebsd.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: cvs-src@freebsd.org cc: src-committers@freebsd.org cc: cvs-all@freebsd.org Subject: Re: cvs commit: src/sys/modules/ipdivert Makefile src/sys/netinetin_proto.c ip_divert.c ip_divert.h ip_fw2.c ip_fw_pfil.c X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Oct 2004 21:58:07 -0000 Scott Long wrote: > > Andre Oppermann wrote: > > andre 2004-10-19 21:14:57 UTC > > > > FreeBSD src repository > > > > Modified files: > > sys/netinet in_proto.c ip_divert.c ip_divert.h > > ip_fw2.c ip_fw_pfil.c > > Added files: > > sys/modules/ipdivert Makefile > > Log: > > Convert IPDIVERT into a loadable module. This makes use of the dynamic loadability > > of protocols. The call to divert_packet() is done through a function pointer. All > > semantics of IPDIVERT remain intact. If IPDIVERT is not loaded ipfw will refuse to > > install divert rules and natd will complain about 'protocol not supported'. Once > > it is loaded both will work and accept rules and open the divert socket. The module > > can only be unloaded if no divert sockets are open. It does not close any divert > > sockets when an unload is requested but will return EBUSY instead. > > > > Revision Changes Path > > 1.1 +8 -0 src/sys/modules/ipdivert/Makefile (new) > > 1.75 +0 -13 src/sys/netinet/in_proto.c > > 1.101 +67 -8 src/sys/netinet/ip_divert.c > > 1.4 +10 -4 src/sys/netinet/ip_divert.h > > 1.82 +2 -4 src/sys/netinet/ip_fw2.c > > 1.11 +13 -8 src/sys/netinet/ip_fw_pfil.c > > This is interesting. Have you measured performance/latency with this > new scheme? Is it still possible to compile IPDIVERT into the kernel > and avoid the indirect calls? IPDIVERT can hardly be called a performance/latency critical path. The entire copyout of the packet to userland for nat'ing and copyin again make the function pointer indirection such a small factor that it doesn't make any difference whatsoever. ipfw used to be called through function pointers until I converted it to use pfil_hooks. But even there we go though function pointers for every packet. The same is true for the entire ip_protox[] system and the whole socket layer going through protosw[]. -- Andre