Date: Wed, 14 Mar 2018 17:30:02 +0000 From: Steven Crangle <Steven@stream-technologies.com> To: "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org> Subject: Required modification for round robin napt with ip address prefixes Message-ID: <AM4PR07MB3186446455FD90C99E9B62C89BD10@AM4PR07MB3186.eurprd07.prod.outlook.com>
next in thread | raw e-mail | index | archive | help
Hi, I was looking for some advice on the type of locking required to stop a box= panicking that utilises both napt and ip address prefixes. My colleague made a post a while ago, and we ended up getting distracted fi= xing other panics that showed up. But we've now returned to try and figure = out the issue. The relevant code is in pf_lb.c : 424 Currently, I've tried adding a PF_RULES_WLOCK() around the sections of code= in the round robin code path that call pfr_pool_get(). In order to do this= I had to add in a few Macros so that I could upgrade the already held read= lock to a write lock. I then wasn't sure whether to return (1), or keep t= rying to obtain the write lock. The latter results in a crashed box (guessi= ng it could never obtain the lock), and I'm unsure of the implications of r= eturning a failure code so frequently from that code path, I'd imagine it w= ould result in napt not working correctly. The second solution suggested the use of atomics, which I'm going to try ne= xt. I just wanted to confirm that the correct area to look at would be with= in pfr_pool_get() ? I can see that pidx is being modified within there, an= d counter also seems to be being used. I also might well be looking in completely the wrong direction! Thanks for any help Steven
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AM4PR07MB3186446455FD90C99E9B62C89BD10>