cvs commit: src/share/man/man4 ipfirewall.4 src/share/man/man9 pfil.9 src/sys/alpha/conf GENERIC src/sys/amd64/conf GENERIC src/sys/conf NOTES files options src/sys/i386/conf GENERIC src/sys/ia64/conf GENERIC SKI src/sys/modules/bridge Makefile ...

Andre Oppermann andre at freebsd.org
Fri Aug 27 10:04:58 PDT 2004 

Max Laier wrote:
> 
> On Friday 27 August 2004 18:27, Andre Oppermann wrote:
> > Max Laier wrote:
> > > On Friday 27 August 2004 17:16, Andre Oppermann wrote:
> > > > andre       2004-08-27 15:16:24 UTC
> > > >
> > > >   FreeBSD src repository
> > > >
> > > >   Modified files:
> > > >     share/man/man4       ipfirewall.4
> > > >     share/man/man9       pfil.9
> > > >     sys/alpha/conf       GENERIC
> > > >     sys/amd64/conf       GENERIC
> > > >     sys/conf             NOTES files options
> > > >     sys/i386/conf        GENERIC
> > > >     sys/ia64/conf        GENERIC SKI
> > > >     sys/modules/bridge   Makefile
> > > >     sys/net              bridge.c
> > > >     sys/netinet          ip_fastfwd.c ip_fw_pfil.c ip_input.c
> > > >                          ip_output.c ip_var.h
> > > >     sys/netinet6         ip6_forward.c ip6_input.c ip6_output.c
> > > >                          ip6_var.h
> > > >     sys/pc98/conf        GENERIC
> > > >     sys/powerpc/conf     GENERIC
> > > >     sys/sparc64/conf     GENERIC
> > > >     .                    UPDATING
> > > >   Log:
> > > >   Always compile PFIL_HOOKS into the kernel and remove the associated
> > > > kernel compile option.  All FreeBSD packet filters now use the
> > > > PFIL_HOOKS API and thus it becomes a standard part of the network
> > > > stack.
> > > >
> > > >   If no hooks are connected the entire packet filter hooks section and
> > > > related activities are jumped over.  This removes any performance
> > > > impact if no hooks are active.
> > >
> > > Great!!!
> > >
> > > Maybe we should hide:
> > >   if (inet_pfil_hook.ph_busy_count == -1)
> > > behind a macro in case we modify the locking for pfil_hooks in the
> > > future. I am thinking of something like:
> > >  if (PFIL_IS_EMPTY(&inet_pfil_hook))
> >
> > Checking for (inet_pfil_hook.ph_busy_count == -1) is the official to see if
> > there are any hooks connected.  I don't think we need to abstract this in a
> > macro.
> 
> Well, having written the locking there I can tell you that ph_busy_count is
> really an *internal* value of the locking and should not be used directly. At
> least as long as we want to be able to change the locking at a later point.
> 
> Right now pfil uses a handrolled sleep lock (as the default sx(9) lock is not
> very suitable or fast) but this might change in the future. Using
> ph_busy_count globaly will make that change more difficult.
> 
> Moreover, I find PFIL_IS_EMPTY much easier to understand.

Ok, you convinced me.  I'm going to make it macro called PFIL_IS_HOOKED.
This seems to be a little bit more descriptive than IS_EMPTY.  IS_EMPTY
is easy to confuse with some kind of packet queue or so (which PFIL_HOOKS
isn't).

-- 
Andre

More information about the cvs-src mailing list