Date:      Thu, 19 Mar 2020 12:54:43 +0000 (UTC)
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r359130 - head/sbin/pfctl
Message-ID:  <202003191254.02JCshpq086745@repo.freebsd.org>

Author: kp
Date: Thu Mar 19 12:54:43 2020
New Revision: 359130
URL: https://svnweb.freebsd.org/changeset/base/359130

Log:
  pfctl: improve rule load times with thousands of interfaces
  
  r343287 / D18759 introduced ifa_add_groups_to_map() which is now run by
  ifa_load/ifa_lookup/host_if. When loading an anchor or ruleset via pfctl that
  does NOT contain ifnames as hosts, host() still ends up iterating all
  interfaces twice, grabbing SIOCGIFGROUP ioctl twice for each. This adds an
  unnecessary amount of time on systems with thousands or tens of thousands of
  interfaces.
  
  Prioritize the IPv4/6 check over the interface name lookup, which skips loading
  the iftab and iterating all interfaces when the configuration does not contain
  interface names.
  
  Submitted by:	Nick Rogers
  MFC after:	2 weeks
  Differential Revision:	https://reviews.freebsd.org/D24100

Modified:
  head/sbin/pfctl/pfctl_parser.c

Modified: head/sbin/pfctl/pfctl_parser.c
==============================================================================
--- head/sbin/pfctl/pfctl_parser.c	Thu Mar 19 12:22:20 2020	(r359129)
+++ head/sbin/pfctl/pfctl_parser.c	Thu Mar 19 12:54:43 2020	(r359130)
@@ -1563,16 +1563,17 @@ host(const char *s)
 		mask = -1;
 	}
 
-	/* interface with this name exists? */
-	if (cont && (h = host_if(ps, mask)) != NULL)
-		cont = 0;
-
 	/* IPv4 address? */
 	if (cont && (h = host_v4(s, mask)) != NULL)
 		cont = 0;
 
 	/* IPv6 address? */
 	if (cont && (h = host_v6(ps, v6mask)) != NULL)
+		cont = 0;
+
+	/* interface with this name exists? */
+	/* expensive with thousands of interfaces - prioritze IPv4/6 check */
+	if (cont && (h = host_if(ps, mask)) != NULL)
 		cont = 0;
 
 	/* dns lookup */
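
Review bot: In host(), moving the host_if() check below host_v4() and host_v6() changes precedence as well as cost: a string that one of the address parsers accepts and that is also an interface name now resolves as an address, where before this change it resolved as the interface. The log message covers only the load-time side, so it is worth confirming that no valid interface or group name can be accepted by host_v4() or host_v6(), or stating the new match order in the comment above the host_if() call. The added comment also misspells "prioritize" as "prioritze".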


