IPFW update frequency
Luigi Rizzo
rizzo at icir.org
Fri Mar 30 22:32:27 UTC 2007
On Fri, Mar 30, 2007 at 01:40:46PM -0700, Julian Elischer wrote:
> I have been looking at the IPFW code recently, especially
> with respect to locking.
> There are some things that could be done to improve IPFW's
> behaviour when processing packets, but some of these take a
> toll (there is always a toll) on the 'updating' side of things.
certainly ipfw was not designed with SMP in mind.
If you can tell us what is your plan to make the list lock free
(which one, the static or dynamic ones ?) maybe we can comment more.
E.g. one option could be the usual trick of adding refcounts to
the individual rules, and then using an array of pointers to them.
While processing you grab a refcount to the array, and release it once
done with the packet. If there is an addition or removal, you duplicate
the array (which may be expensive for the large 20k rules mentioned),
manipulate the copy and then atomically swap the pointers to the head.
This might even work for dynamic rules as the lists (the content of
each hash bucket) are typically short.
cheers
luigi
More information about the freebsd-ipfw
mailing list