From owner-svn-src-stable@freebsd.org Sat May 30 01:17:27 2020 Return-Path: Delivered-To: svn-src-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 21B282F603F; Sat, 30 May 2020 01:17:27 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49Yk7V75QMz3Y9Q; Sat, 30 May 2020 01:17:26 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id EA1D220858; Sat, 30 May 2020 01:17:26 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04U1HQ0D016692; Sat, 30 May 2020 01:17:26 GMT (envelope-from markj@FreeBSD.org) Received: (from markj@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04U1HQvt016691; Sat, 30 May 2020 01:17:26 GMT (envelope-from markj@FreeBSD.org) Message-Id: <202005300117.04U1HQvt016691@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: markj set sender to markj@FreeBSD.org using -f From: Mark Johnston Date: Sat, 30 May 2020 01:17:26 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r361639 - in stable/12/sys: net netpfil/pf X-SVN-Group: stable-12 X-SVN-Commit-Author: markj X-SVN-Commit-Paths: in stable/12/sys: net netpfil/pf X-SVN-Commit-Revision: 361639 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 May 2020 01:17:27 -0000 Author: markj Date: Sat May 30 01:17:26 2020 New Revision: 361639 URL: https://svnweb.freebsd.org/changeset/base/361639 Log: MFC r361095: pf: Add a new zone for per-table entry counters. Modified: stable/12/sys/net/pfvar.h stable/12/sys/netpfil/pf/pf_table.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/net/pfvar.h ============================================================================== --- stable/12/sys/net/pfvar.h Sat May 30 00:47:03 2020 (r361638) +++ stable/12/sys/net/pfvar.h Sat May 30 01:17:26 2020 (r361639) @@ -1000,6 +1000,8 @@ struct pfr_addr { enum { PFR_DIR_IN, PFR_DIR_OUT, PFR_DIR_MAX }; enum { PFR_OP_BLOCK, PFR_OP_PASS, PFR_OP_ADDR_MAX, PFR_OP_TABLE_MAX }; +enum { PFR_TYPE_PACKETS, PFR_TYPE_BYTES, PFR_TYPE_MAX }; +#define PFR_NUM_COUNTERS (PFR_DIR_MAX * PFR_OP_ADDR_MAX * PFR_TYPE_MAX) #define PFR_OP_XPASS PFR_OP_ADDR_MAX struct pfr_astats { @@ -1045,10 +1047,12 @@ union sockaddr_union { #endif /* _SOCKADDR_UNION_DEFINED */ struct pfr_kcounters { - counter_u64_t pfrkc_packets[PFR_DIR_MAX][PFR_OP_ADDR_MAX]; - counter_u64_t pfrkc_bytes[PFR_DIR_MAX][PFR_OP_ADDR_MAX]; + counter_u64_t pfrkc_counters; long pfrkc_tzero; }; +#define pfr_kentry_counter(kc, dir, op, t) \ + ((kc)->pfrkc_counters + \ + (dir) * PFR_OP_ADDR_MAX * PFR_TYPE_MAX + (op) * PFR_TYPE_MAX + (t)) SLIST_HEAD(pfr_kentryworkq, pfr_kentry); struct pfr_kentry { Modified: stable/12/sys/netpfil/pf/pf_table.c ============================================================================== --- stable/12/sys/netpfil/pf/pf_table.c Sat May 30 00:47:03 2020 (r361638) +++ stable/12/sys/netpfil/pf/pf_table.c Sat May 30 01:17:26 2020 (r361639) @@ -127,6 +127,8 @@ struct pfr_walktree { static MALLOC_DEFINE(M_PFTABLE, "pf_table", "pf(4) tables structures"); VNET_DEFINE_STATIC(uma_zone_t, pfr_kentry_z); #define V_pfr_kentry_z VNET(pfr_kentry_z) +VNET_DEFINE_STATIC(uma_zone_t, pfr_kentry_counter_z); +#define V_pfr_kentry_counter_z VNET(pfr_kentry_counter_z) static struct pf_addr pfr_ffaddr = { .addr32 = { 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff } @@ -144,12 +146,8 @@ static void pfr_mark_addrs(struct pfr_ktable *); static struct pfr_kentry *pfr_lookup_addr(struct pfr_ktable *, struct pfr_addr *, int); -static bool pfr_create_kentry_counter(struct pfr_kentry *, int, - int); static struct pfr_kentry *pfr_create_kentry(struct pfr_addr *, bool); static void pfr_destroy_kentries(struct pfr_kentryworkq *); -static void pfr_destroy_kentry_counter(struct pfr_kcounters *, - int, int); static void pfr_destroy_kentry(struct pfr_kentry *); static void pfr_insert_kentries(struct pfr_ktable *, struct pfr_kentryworkq *, long); @@ -205,6 +203,9 @@ void pfr_initialize(void) { + V_pfr_kentry_counter_z = uma_zcreate("pf table entry counters", + PFR_NUM_COUNTERS * sizeof(uint64_t), NULL, NULL, NULL, NULL, + UMA_ALIGN_PTR, UMA_ZONE_PCPU); V_pfr_kentry_z = uma_zcreate("pf table entries", sizeof(struct pfr_kentry), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0); @@ -217,6 +218,7 @@ pfr_cleanup(void) { uma_zdestroy(V_pfr_kentry_z); + uma_zdestroy(V_pfr_kentry_counter_z); } int @@ -785,27 +787,11 @@ pfr_lookup_addr(struct pfr_ktable *kt, struct pfr_addr return (ke); } -static bool -pfr_create_kentry_counter(struct pfr_kentry *ke, int pfr_dir, int pfr_op) -{ - counter_u64_t c; - - c = counter_u64_alloc(M_NOWAIT); - if (c == NULL) - return (false); - ke->pfrke_counters.pfrkc_packets[pfr_dir][pfr_op] = c; - c = counter_u64_alloc(M_NOWAIT); - if (c == NULL) - return (false); - ke->pfrke_counters.pfrkc_bytes[pfr_dir][pfr_op] = c; - return (true); -} - static struct pfr_kentry * pfr_create_kentry(struct pfr_addr *ad, bool counters) { struct pfr_kentry *ke; - int pfr_dir, pfr_op; + counter_u64_t c; ke = uma_zalloc(V_pfr_kentry_z, M_NOWAIT | M_ZERO); if (ke == NULL) @@ -819,15 +805,14 @@ pfr_create_kentry(struct pfr_addr *ad, bool counters) ke->pfrke_net = ad->pfra_net; ke->pfrke_not = ad->pfra_not; ke->pfrke_counters.pfrkc_tzero = 0; - if (counters) - for (pfr_dir = 0; pfr_dir < PFR_DIR_MAX; pfr_dir++) - for (pfr_op = 0; pfr_op < PFR_OP_ADDR_MAX; pfr_op++) { - if (!pfr_create_kentry_counter(ke, pfr_dir, - pfr_op)) { - pfr_destroy_kentry(ke); - return (NULL); - } - } + if (counters) { + c = uma_zalloc_pcpu(V_pfr_kentry_counter_z, M_NOWAIT | M_ZERO); + if (c == NULL) { + pfr_destroy_kentry(ke); + return (NULL); + } + ke->pfrke_counters.pfrkc_counters = c; + } return (ke); } @@ -843,26 +828,12 @@ pfr_destroy_kentries(struct pfr_kentryworkq *workq) } static void -pfr_destroy_kentry_counter(struct pfr_kcounters *kc, int pfr_dir, int pfr_op) +pfr_destroy_kentry(struct pfr_kentry *ke) { counter_u64_t c; - if ((c = kc->pfrkc_packets[pfr_dir][pfr_op]) != NULL) - counter_u64_free(c); - if ((c = kc->pfrkc_bytes[pfr_dir][pfr_op]) != NULL) - counter_u64_free(c); -} - -static void -pfr_destroy_kentry(struct pfr_kentry *ke) -{ - int pfr_dir, pfr_op; - - for (pfr_dir = 0; pfr_dir < PFR_DIR_MAX; pfr_dir ++) - for (pfr_op = 0; pfr_op < PFR_OP_ADDR_MAX; pfr_op ++) - pfr_destroy_kentry_counter(&ke->pfrke_counters, - pfr_dir, pfr_op); - + if ((c = ke->pfrke_counters.pfrkc_counters) != NULL) + uma_zfree_pcpu(V_pfr_kentry_counter_z, c); uma_zfree(V_pfr_kentry_z, ke); } @@ -935,28 +906,19 @@ pfr_clean_node_mask(struct pfr_ktable *kt, } static void -pfr_clear_kentry_counters(struct pfr_kentry *p, int pfr_dir, int pfr_op) -{ - counter_u64_zero(p->pfrke_counters.pfrkc_packets[pfr_dir][pfr_op]); - counter_u64_zero(p->pfrke_counters.pfrkc_bytes[pfr_dir][pfr_op]); -} - -static void pfr_clstats_kentries(struct pfr_ktable *kt, struct pfr_kentryworkq *workq, long tzero, int negchange) { struct pfr_kentry *p; - int pfr_dir, pfr_op; + int i; SLIST_FOREACH(p, workq, pfrke_workq) { if (negchange) p->pfrke_not = !p->pfrke_not; if ((kt->pfrkt_flags & PFR_TFLAG_COUNTERS) != 0) - for (pfr_dir = 0; pfr_dir < PFR_DIR_MAX; pfr_dir++) - for (pfr_op = 0; pfr_op < PFR_OP_ADDR_MAX; - pfr_op++) - pfr_clear_kentry_counters(p, pfr_dir, - pfr_op); + for (i = 0; i < PFR_NUM_COUNTERS; i++) + counter_u64_zero( + p->pfrke_counters.pfrkc_counters + i); p->pfrke_counters.pfrkc_tzero = tzero; } } @@ -1077,12 +1039,12 @@ pfr_copyout_astats(struct pfr_astats *as, const struct return; } - for (dir = 0; dir < PFR_DIR_MAX; dir ++) { + for (dir = 0; dir < PFR_DIR_MAX; dir++) { for (op = 0; op < PFR_OP_ADDR_MAX; op ++) { - as->pfras_packets[dir][op] = - counter_u64_fetch(kc->pfrkc_packets[dir][op]); - as->pfras_bytes[dir][op] = - counter_u64_fetch(kc->pfrkc_bytes[dir][op]); + as->pfras_packets[dir][op] = counter_u64_fetch( + pfr_kentry_counter(kc, dir, op, PFR_TYPE_PACKETS)); + as->pfras_bytes[dir][op] = counter_u64_fetch( + pfr_kentry_counter(kc, dir, op, PFR_TYPE_BYTES)); } } } @@ -2147,10 +2109,10 @@ pfr_update_stats(struct pfr_ktable *kt, struct pf_addr counter_u64_add(kt->pfrkt_bytes[dir_out][op_pass], len); if (ke != NULL && op_pass != PFR_OP_XPASS && (kt->pfrkt_flags & PFR_TFLAG_COUNTERS)) { - counter_u64_add(ke->pfrke_counters. - pfrkc_packets[dir_out][op_pass], 1); - counter_u64_add(ke->pfrke_counters. - pfrkc_bytes[dir_out][op_pass], len); + counter_u64_add(pfr_kentry_counter(&ke->pfrke_counters, + dir_out, op_pass, PFR_TYPE_PACKETS), 1); + counter_u64_add(pfr_kentry_counter(&ke->pfrke_counters, + dir_out, op_pass, PFR_TYPE_BYTES), len); } }