rdr pass for proto tcp sometimes creates states with expire time zero and so breaking connections
Konstantin Belousov
kib at freebsd.org
Sat Feb 2 18:42:17 UTC 2019
On Sat, Feb 02, 2019 at 11:26:45AM +0100, Andreas Longwitz wrote:
> Hello,
>
> > Lets switch to IPI method for fetch, similar to clear.
> > I do not think that the cost of fetch is too important comparing with
> > the race.
> >
> > diff --git a/sys/i386/include/counter.h b/sys/i386/include/counter.h
> > index 7fd26d2a960..278f89123a4 100644
> > --- a/sys/i386/include/counter.h
> > +++ b/sys/i386/include/counter.h
> > @@ -72,7 +72,12 @@ counter_64_inc_8b(uint64_t *p, int64_t inc)
> > }
> >
> > #ifdef IN_SUBR_COUNTER_C
> > -static inline uint64_t
> > +struct counter_u64_fetch_cx8_arg {
> > + uint64_t res;
> > + uint64_t *p;
> > +};
> > +
> > +static uint64_t
> > counter_u64_read_one_8b(uint64_t *p)
> > {
> > uint32_t res_lo, res_high;
> > @@ -87,9 +92,22 @@ counter_u64_read_one_8b(uint64_t *p)
> > return (res_lo + ((uint64_t)res_high << 32));
> > }
> >
> > +static void
> > +counter_u64_fetch_cx8_one(void *arg1)
> > +{
> > + struct counter_u64_fetch_cx8_arg *arg;
> > + uint64_t val;
> > +
> > + arg = arg1;
> > + val = counter_u64_read_one_8b((uint64_t *)((char *)arg->p +
> > + UMA_PCPU_ALLOC_SIZE * PCPU_GET(cpuid)));
> > + atomic_add_64(&arg->res, val);
> > +}
> > +
> > static inline uint64_t
> > counter_u64_fetch_inline(uint64_t *p)
> > {
> > + struct counter_u64_fetch_cx8_arg arg;
> > uint64_t res;
> > int i;
> >
> > @@ -108,9 +126,10 @@ counter_u64_fetch_inline(uint64_t *p)
> > }
> > critical_exit();
> > } else {
> > - CPU_FOREACH(i)
> > - res += counter_u64_read_one_8b((uint64_t *)((char *)p +
> > - UMA_PCPU_ALLOC_SIZE * i));
> > + arg.p = p;
> > + arg.res = 0;
> > + smp_rendezvous(NULL, counter_u64_fetch_cx8_one, NULL, &arg);
> > + res = arg.res;
> > }
> > return (res);
> > }
>
>
> I have integrated this i386 counter(9) patch and using original pf.c to
> some of my test servers and everything runs fine. Today I have added my
> main firewall machine and will report in two weeks the result. I suppose
> running counter_u64_fetch() in parallel to counter_u64_add() is not a
> problem anymore.
Ok, thanks, I will commit the patch shortly. I do not see a point in waiting
for two more weeks, sure report me if anything goes wrong.
More information about the freebsd-pf
mailing list