cvs commit: src/sys/netinet ip_fw2.c

Christian S.J. Peron csjp at FreeBSD.org
Fri Jun 11 22:17:34 GMT 2004


csjp        2004-06-11 22:17:15 UTC

  FreeBSD src repository

  Modified files:
    sys/netinet          ip_fw2.c 
  Log:
  Modify ip fw so that whenever UID or GID constraints exist in a
  ruleset, the pcb is looked up once per ipfw_chk() activation.
  
  This is done by extracting the required information out of the PCB
  and caching it to the ipfw_chk() stack. This should greatly reduce
  PCB looking contention and speed up the processing of UID/GID based
  firewall rules (especially with large UID/GID rulesets).
  
  Some very basic benchmarks were taken which compares the number
  of in_pcblookup_hash(9) activations to the number of firewall
  rules containing UID/GID based contraints before and after this patch.
  
  The results can be viewed here:
  o http://people.freebsd.org/~csjp/ip_fw_pcb.png
  
  Reviewed by:    andre, luigi, rwatson
  Approved by:    bmilekic (mentor)
  
  Revision  Changes    Path
  1.62      +77 -30    src/sys/netinet/ip_fw2.c


More information about the cvs-src mailing list