Page MenuHomeFreeBSD
Differential D31042

libpfctl: Implement pfctl_get_states_stats()
AbandonedPublic
Actions

Authored by kp on Jul 5 2021, 10:09 AM.
Tags
None
Referenced Files
F108876026: D31042.diff
Wed, Jan 29, 12:21 AM
Unknown Object (File)
Fri, Jan 24, 6:03 AM
Unknown Object (File)
Mon, Dec 30, 7:17 PM
Unknown Object (File)
Nov 21 2024, 6:44 AM
Unknown Object (File)
Nov 19 2024, 2:25 PM
Unknown Object (File)
Nov 11 2024, 6:06 AM
Unknown Object (File)
Nov 6 2024, 12:02 PM
Unknown Object (File)
Oct 1 2024, 5:47 PM
View All 37 Files
Subscribers
imp
mjg

Details

Reviewers
mjg
Group Reviewers
network
pfsense
Summary

This allows userspace to estimate the amount of memory required to read
out the full states table.

Use this estimate to improve pfctl_get_states(). We now call the stats
function first and use this estimate to allocate the buffer for the
subsequent DIOCGETSTATESNV call. This reduces the total work required by
removing the need to do the call, adjust the allocation size and try
again.

MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 40304
Build 37193: arc lint + arc unit

Event Timeline

kp created this revision.Jul 5 2021, 10:09 AM
Herald added a subscriber: imp. · View Herald TranscriptJul 5 2021, 10:09 AM
kp requested review of this revision.Jul 5 2021, 10:09 AM
Harbormaster completed remote builds in B40288: Diff 91771.Jul 5 2021, 10:09 AM
kp added a parent revision: D31041: pf: Add DIOCGETSTATESSTATS.Jul 5 2021, 10:09 AM
kp added a child revision: D30947: pf: support paging in the DIOCGETSTATESNV call.Jul 5 2021, 10:10 AM
kp added reviewers: network, pfsense.
mjg added a subscriber: mjg.Jul 5 2021, 11:13 AM
mjg added inline comments.
lib/libpfctl/libpfctl.c
759–766

This needs to add some amount, say 20%. Otherwise one extra state after obtaining the number forces a reallocation.

kp added inline comments.Jul 5 2021, 11:49 AM
lib/libpfctl/libpfctl.c
759–766

In practice that's not really a problem. Partly because an nvlist state is generally smaller than the 2048 bytes we allocate for it (so there's built-in buffer space already), and partly because even if we underestimate the amount of space required we don't have to start again from scratch (or won't, with the upcoming paging/token support). So even if we don't have quite enough memory in one go we'll only have to make one more call to retrieve the states (or rather, rows of states) that didn't fit. We won't have to start again from scratch.

mjg added inline comments.Jul 5 2021, 12:22 PM
lib/libpfctl/libpfctl.c
759–766

The idiom is to add some amount and it's trivial to do it. If you insist on not doing it, this needs a comment.

kp updated this revision to Diff 91792.Jul 5 2021, 1:25 PM
  • adjust to the new ioctl name
  • add 20% headroom, in case new states are created between the stats call and the get call
Harbormaster completed remote builds in B40304: Diff 91792.Jul 5 2021, 1:25 PM
mjg accepted this revision.Jul 5 2021, 2:09 PM
This revision is now accepted and ready to land.Jul 5 2021, 2:09 PM
kp abandoned this revision.Jul 7 2021, 7:49 PM

While this improves the present situation it's still unacceptably slow, so I'm going to try a version without nvlist.

Revision Contents
Changeset List

PathSize
lib/
libpfctl/
6 lines
60 lines

Diff 91792

View Options

lib/libpfctl/libpfctl.h

Loading...
View Options

lib/libpfctl/libpfctl.c

Loading...