Date: Tue, 14 Aug 2018 16:15:48 +0100 From: "Kristof Provost" <kp@FreeBSD.org> To: "Kajetan Staszkiewicz" <vegeta@tuxpowered.net> Cc: freebsd-pf@freebsd.org Subject: Re: pf tables locking Message-ID: <69D19AE4-2F17-4DBC-AF62-A2489049FC9C@FreeBSD.org> In-Reply-To: <1546233.jncNNXsBuh@energia> References: <8680316.SccKl5VnxN@energia> <2313127.kTuY2QdDqf@energia> <A308CDBA-61DD-4684-B76B-E25BCCC621C6@FreeBSD.org> <1546233.jncNNXsBuh@energia>
next in thread | previous in thread | raw e-mail | index | archive | help
On 14 Aug 2018, at 0:32, Kajetan Staszkiewicz wrote: > On Monday, 13 August 2018 17:59:15 CEST Kristof Provost wrote: > How about this? > > https://github.com/innogames/freebsd/commit/ > d44a0d9487285fac8ed1d7372cc99cca83f616e6 > That looks good to me. There’s a few minor issues, things like inconsistent indentation and overly long lines, but that’s about the only criticism I have. >> Do you have a bit more information about your use case? What are you >> trying >> to accomplish with this change? > > I have a loadbalancer which uses pf and route-to targets. After a > server is > added to a pool, I want this server to immediately take over much > traffic. > With round-robin the server receives new clients rather slowly. If > kernel > could measure amount of states per table entry, I could send new > clients to > this new server until it serves as many clients as other servers. > I see. I’m not quite sure yet if that’s a feature we want to import or not, but at least your ‘support’ patches should probably go in. The above one certainly. >>> There are some more issues I found around pf_map_addr. Some of them >>> I >>> mentioned in >>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229092. >>> Some >>> more came out while working on this least-states loadbalancing. I >>> will >>> group them into something meaningful and make another PR for them. >> >> Yeah, that bug is still on my todo list somewhere, but things are >> extremely >> hectic at the moment, and I can’t make any promises about when >> I’ll have >> time for it. > > I thought that was rather on my todo :) > I’m not going to stop you. I love it when other people do the work ;) Regards, Kristof From owner-freebsd-pf@freebsd.org Tue Aug 14 16:35:25 2018 Return-Path: <owner-freebsd-pf@freebsd.org> Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0A2A7107D9BA for <freebsd-pf@mailman.ysv.freebsd.org>; Tue, 14 Aug 2018 16:35:25 +0000 (UTC) (envelope-from vegeta@tuxpowered.net) Received: from mail-ed1-x542.google.com (mail-ed1-x542.google.com [IPv6:2a00:1450:4864:20::542]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 80D76790DE for <freebsd-pf@freebsd.org>; Tue, 14 Aug 2018 16:35:24 +0000 (UTC) (envelope-from vegeta@tuxpowered.net) Received: by mail-ed1-x542.google.com with SMTP id f23-v6so10427020edr.11 for <freebsd-pf@freebsd.org>; Tue, 14 Aug 2018 09:35:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tuxpowered-net.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:organization:user-agent :in-reply-to:references:mime-version; bh=r/Jhs7OH5mceuwNBOd2aS6JinlrM8MYzirO/urIz0fE=; b=vrB9iqdzXSVfmCierAqM+6rB4A/ISFVkvAkG56YvauAHpQzG0bMtSRydYrJuyeNB77 u8U3/X4Xhw0NHa0cRCIriZenO03SJGjfKQ2aKu9Ski/GZMNSEFRY9yd9NwxaxVVajP/C 1svAiZBRYwbme25o2uWq5jsSHv6k6mxM7webhT19WSVUyzlIOPVPRumlq9Gb/cTyRgzh PCSVMjRmtM+DIKZXm9fyTLzV0GKsdVQl6v+gJjOCax4VEGBgdZAANAKI5W91I2WMbnKn kP3HnxFgUuM1lXCTIe8Cwaqd/hTHVxnHAJdWeIZZZorf96Rg0Y+6ec4KS6Odw4ukLFh6 A5tA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:organization :user-agent:in-reply-to:references:mime-version; bh=r/Jhs7OH5mceuwNBOd2aS6JinlrM8MYzirO/urIz0fE=; b=O8MynTTKHmBDOlmhX3CKy2NDzSroaZNAxA+JBHxZtiXjpY//Vdf3cYe4GWmjpUHQix VQwXUpbgY+LDeheHpt3xDSD47l1RaMeYLVlZw55cBkqZiha23P+qFZ2gMgqzK+Tv84YQ Wq8HfrGjzu/s6D5unJWJjo6w/N+FtVAzXhf+Xt1Cmgw/xlsE4YHPELa/xVsAhkovurRY EV2YiXKs5wCU8sZ4IfnhhYam1L8fMOwrSV7rJDNjhPveAth5/I8yXc8j6bEyRa6URWyZ JvxndCZs7eIFq4PQY6V/hizveREOWEnXAsL/S1VkyuqGxWjk5utwZ6eXVx+o3ILyN55j R2vw== X-Gm-Message-State: AOUpUlExsaTn60lUoCxLEQ1PXs/JnQ6O9nRizs6uVC14rCIHhRaa31Li sO6ISTBe6Pj29tQAcCAzJw5BTZVvhOg= X-Google-Smtp-Source: AA+uWPyRIRUus7KuuPPZt7nC/05Tra/RqBqOjLXVu2MqvmIe3Yq3YD9uYkETwic+CiZoFoYxj7YB2A== X-Received: by 2002:a50:aa43:: with SMTP id p3-v6mr28598014edc.233.1534264523255; Tue, 14 Aug 2018 09:35:23 -0700 (PDT) Received: from energia.localnet ([212.48.107.10]) by smtp.gmail.com with ESMTPSA id a15-v6sm22330205edd.47.2018.08.14.09.35.22 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 14 Aug 2018 09:35:22 -0700 (PDT) From: Kajetan Staszkiewicz <vegeta@tuxpowered.net> To: Kristof Provost <kp@freebsd.org> Cc: freebsd-pf@freebsd.org Subject: Re: pf tables locking Date: Tue, 14 Aug 2018 18:35:16 +0200 Message-ID: <13826523.m2ultlLLsi@energia> Organization: tuxpowered.net User-Agent: KMail/5.2.3 (Linux/4.16.0-16.2-liquorix-amd64; KDE/5.28.0; x86_64; ; ) In-Reply-To: <69D19AE4-2F17-4DBC-AF62-A2489049FC9C@FreeBSD.org> References: <8680316.SccKl5VnxN@energia> <1546233.jncNNXsBuh@energia> <69D19AE4-2F17-4DBC-AF62-A2489049FC9C@FreeBSD.org> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1543202.jXq12AkZmL"; micalg="pgp-sha1"; protocol="application/pgp-signature" X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" <freebsd-pf.freebsd.org> List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-pf>, <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>; List-Post: <mailto:freebsd-pf@freebsd.org> List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help> List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-pf>, <mailto:freebsd-pf-request@freebsd.org?subject=subscribe> X-List-Received-Date: Tue, 14 Aug 2018 16:35:25 -0000 --nextPart1543202.jXq12AkZmL Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="UTF-8" On Tuesday, 14 August 2018 16:15:48 CEST Kristof Provost wrote: > On 14 Aug 2018, at 0:32, Kajetan Staszkiewicz wrote: > > On Monday, 13 August 2018 17:59:15 CEST Kristof Provost wrote: > > How about this? > >=20 > > https://github.com/innogames/freebsd/commit/ > > d44a0d9487285fac8ed1d7372cc99cca83f616e6 >=20 > That looks good to me. > There=E2=80=99s a few minor issues, things like inconsistent indentation = and > overly long lines, but that=E2=80=99s about the only criticism I have. I fixed some issues with unallocated counters and submitted bug 230619. > I see. I=E2=80=99m not quite sure yet if that=E2=80=99s a feature we want= to import > or not, > but at least your =E2=80=98support=E2=80=99 patches should probably go in= =2E The above > one certainly. There are some more things which require changes before I can do least- connections balancing. If you have a moment, please have a look at https://github.com/innogames/ freebsd/commits/iglb/11.2/GetOnWithIt_2 , maybe some of those things can ge= t=20 imported anyway, like full support for counters of states. > >> Yeah, that bug is still on my todo list somewhere, but things are > >> extremely > >> hectic at the moment, and I can=E2=80=99t make any promises about when > >> I=E2=80=99ll have > >> time for it. > >=20 > > I thought that was rather on my todo :) >=20 > I=E2=80=99m not going to stop you. I love it when other people do the wor= k ;) Since I have you here, let me explain the issues I see with pf_map_addr(). = =46or=20 round-robin target a list of interface,table pairs can be specified. This l= ist=20 is iterated and within each table addresses are iterated too. There is no=20 locking around it "because performance is assumed more important than round- robin precision" according to comment in code. Yet I believe there are way more serious issues possible with the current=20 approach. Interface is in fact picked up outside of pf_map_addr(). Another= =20 thread could have already moved the rpool->counter to another table for whi= ch=20 the interface is not valid anymore. I came up with this: https://github.com/innogames/freebsd/commit/ 61ffb96a4dc948a0b06204ff39210c0578f77f08 although without locking this is=20 still not really a solution. It only moves interface selection to inside of= =20 pf_map_addr() Another one is https://github.com/innogames/freebsd/commit/ 8fe6cd2d820052d2166afbaa311f34318a41db48 which stores table used for=20 loadbalancing in state and src_node. Then the table can be used for state=20 counting. The 2 patches above are also included in the first link I gave above. =2D-=20 | pozdrawiam / greetings | powered by Debian, FreeBSD and CentOS | | Kajetan Staszkiewicz | jabber,email: vegeta()tuxpowered net | | Vegeta | www: http://vegeta.tuxpowered.net | `------------------------^---------------------------------------' --nextPart1543202.jXq12AkZmL Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- iF0EABECAB0WIQSOEQZObv2B8mf0JbnjtFCvbXs6FAUCW3MExAAKCRDjtFCvbXs6 FGV3AJ47XVjgEPfb2BtwpORCuNfQVuG+eACg1jPfpc6+llVR/vyBdA6RgusU/YM= =v6SD -----END PGP SIGNATURE----- --nextPart1543202.jXq12AkZmL--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69D19AE4-2F17-4DBC-AF62-A2489049FC9C>