Looking for brave testers ...
max at love2party.net
Thu Sep 23 21:44:50 PDT 2004
I am looking for brave women and men to test the unexplored depth of a shared
lock for pf. This will allow to have "even more parallelism" in the network
code. As a small benefit you also get rid of a LOR that is suspected to cause
So what must be tested?
That monster of a patch is a joint work of Christian S.J. Peron (csjp@) and
myself. It modifies pfil_hooks to pass a struct inpcb. This is used to
forward the *inp - that is handed to ip_output() for local sends - to the
pfil consumers. This avoids a lookup and a LOR (caused by the lookup). It
also changes IPFW and PF to use a shared/exclusive lock for the "rules". This
allows more than one packet in the ruleset evaluation at a time ...
How to test:
1) Get the patch, apply and install a kernel with it. Note that this breaks
ABI for pfctl and friends. So make sure you rebuild and -install pfctl(8) at
2) Run the patched kernel on:
- SMP hardware (p4 HT is fine)
- with debug.mpsafenet=1
- with MPSAFE NICs
- with a bunch of user/group rules.
This is very, very ... very raw yet! IPFW is not ready in this version.
Christian will post a version on freebsd-ipfw@, I guess.
Nontheless, please test the pf part and give me feedback. I have it running
fine on my router/gateway with ftp-proxy etc. ... so it can't be too bad. If
you crash please try to get as much information as possible. Make sure you
have WITNESS in the kernel.
THANKS IN ADVANCE!
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20040924/4a0d1588/attachment.bin
More information about the freebsd-pf