svn commit: r200855 - in head/sys: net netgraph netinet
netinet/ipfw
Andrey V. Elsukov
bu7cher at yandex.ru
Fri Feb 12 10:39:10 UTC 2010
On 22.12.2009 22:01, Luigi Rizzo wrote:
> Author: luigi
> Date: Tue Dec 22 19:01:47 2009
> New Revision: 200855
> URL: http://svn.freebsd.org/changeset/base/200855
>
> Log:
> merge code from ipfw3-head to reduce contention on the ipfw lock
> and remove all O(N) sequences from kernel critical sections in ipfw.
>
> In detail:
>
> 1. introduce a IPFW_UH_LOCK to arbitrate requests from
> the upper half of the kernel. Some things, such as 'ipfw show',
> can be done holding this lock in read mode, whereas insert and
> delete require IPFW_UH_WLOCK.
>
> The only (very small) regression is on dynamic rule lookup and this will
> be fixed in a day or two, without changing the userland/kernel ABI
>
> Supported by: Valeria Paoli
> MFC after: 1 month
>
> Modified:
> head/sys/netinet/ipfw/ip_fw_sockopt.c
Hi, Luigi.
This commit also broke `ipfw set show` operation. It always show all sets enabled,
because IP_FW_GET command gets small buffer and after calculating wanted size
it returns back without copying anything.
--
WBR, Andrey V. Elsukov
More information about the freebsd-ipfw
mailing list