Re: LibAlias in FreeBSD

From: Michael Pounov <misho_at_elwix.org>
Date: Fri, 27 May 2022 22:40:25 UTC

To this callback I will attach my function from the ipfw_sync driver.
This callback will return immediately with the passed address. It will 
transfer just the particular created list item as a const pointer from the In or 
Out arrays. I will read such data directly from the Alias DB item without 
additional memory operations.

About the ringbuffer in libalias. The db is now organized as two hash arrays 
with 4001 elements, which contain the heads of the lists. I have a 
second way which can also do the work. I made it as shadow 
tables for Broadcom chip states in switch firmware more than 10 
years ago. This approach doesn't touch the original libalias structure, but 
has a huge drawback: delay from the regular, time-driven updates of the shadow 
structures. I'm sure that isn't OK for router cluster cases, because we 
have too little time in which various packets can come in on another router's 
ingress interface.

I still believe that the way with hooks on Alias DB updates, with export of 
the original address of the DB list member, will be the right approach.  
It is the fastest and most efficient.

Thanks for the feedback.


On 2022-05-27 18:35, Lutz Donnerhacke wrote:
> On Fri, May 27, 2022 at 04:18:54PM +0300, Michael Pounov wrote:
>> Hello Charles Mott
>> 
>> I am writing this mail about my work with the IPFW firewall.
>> I have started my work on an IPFW Sync driver and protocol similar to 
>> the one in the PF firewall.
>> My primary goal is to sync NAT states in a firewall router 
>> cluster. For this, I need to be notified by libalias when the NAT 
>> driver adds, re-adds or deletes an alias.
>> I see one good approach to achieve this, but I must ask the author of 
>> libalias whether there are hidden drawbacks to such an approach.
> 
> As long as the callback is internal to the kernel, it might work.
> libalias is CPU bound, any additional work will slow down the system,
> especially when libalias is called from the interrupt level of network
> drivers.
> 
>> What do you think about such an approach, changing and hooking the 
>> existing code?
> 
> One can think about a ringbuffer which is filled by libalias and read by a
> different type of code. If the other code is too slow, the ringbuffer will
> override the entries. Please do not consider a dynamically allocated buffer.
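
The ringbuffer suggested in the quoted reply (filled by libalias, read by other code, overwriting entries when the reader is too slow, no dynamic allocation), as an added example that is not part of the original mail or of libalias. The struct nat_event layout, RING_SLOTS and all function names are assumptions; this is a single-threaded user-space model, and concurrent kernel code would need memory barriers around head and a re-check of head after the copy.

```c
#include <stdint.h>
#define RING_SLOTS 8u  /* constructed size; power of two, fixed at compile time */

struct nat_event {     /* hypothetical record, not a libalias structure */
    uint8_t  type;     /* 1 = add, 2 = re-add, 3 = delete (assumed encoding) */
    uint16_t src_port; /* constructed sample field */
};

struct ring {
    struct nat_event slot[RING_SLOTS]; /* fixed storage, never allocated at run time */
    uint64_t head;                     /* total number of events ever published */
};

/* Producer (libalias side): constant time, never blocks, overwrites the oldest slot. */
static void ring_put(struct ring *r, const struct nat_event *ev)
{
    r->slot[r->head & (RING_SLOTS - 1)] = *ev;
    r->head++; /* concurrent kernel code needs a release barrier before this store */
}

/* Consumer (sync side): returns 1 if *out was filled, 0 if drained; *lost counts overwrites. */
static int ring_get(const struct ring *r, uint64_t *next, struct nat_event *out, uint64_t *lost)
{
    uint64_t head = r->head;
    if (*next == head) return 0;
    if (head - *next > RING_SLOTS) {  /* reader was too slow: skip to oldest survivor */
        *lost += head - *next - RING_SLOTS;
        *next = head - RING_SLOTS;
    }
    *out = r->slot[*next & (RING_SLOTS - 1)];
    (*next)++;
    return 1;
}

/* Publish n constructed events with no reader running, then drain the ring. */
static unsigned demo(unsigned n, uint64_t *lost, uint16_t *first_port)
{
    struct ring r = { .head = 0 };
    struct nat_event ev = { .type = 1 };
    uint64_t next = 0;
    unsigned got = 0;
    for (unsigned i = 0; i < n; i++) {
        ev.src_port = (uint16_t)(1000 + i);
        ring_put(&r, &ev);
    }
    while (ring_get(&r, &next, &ev, lost))
        if (got++ == 0) *first_port = ev.src_port;
    return got;
}
```

The lost counter is what tells the sync side that its view of the NAT state has gaps and that a full resynchronisation is needed.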