Page MenuHomeFreeBSD
Differential D39658

pf: change pf_rules_lock and pf_ioctl_lock to per-vnet locks
ClosedPublic
Actions

Authored by kp on Apr 18 2023, 2:13 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Feb 1, 11:30 PM
Unknown Object (File)
Jan 18 2025, 5:55 PM
Unknown Object (File)
Dec 26 2024, 10:28 PM
Unknown Object (File)
Nov 22 2024, 12:04 PM
Unknown Object (File)
Nov 19 2024, 10:06 AM
Unknown Object (File)
Nov 18 2024, 4:54 AM
Unknown Object (File)
Nov 17 2024, 10:49 PM
Unknown Object (File)
Nov 15 2024, 9:16 AM
View All 46 Files
Subscribers
ae
farrokhi
glebius
imp
melifaro
zlei

Details

Reviewers
zlei
Group Reviewers
network
pfsense
Commits
rG2e6cdfe29355: pf: change pf_rules_lock and pf_ioctl_lock to per-vnet locks
Summary

Both pf_rules_lock and pf_ioctl_lock only ever affect one vnet, so
there's no point in having these locks affect other vnets.
(In fact, the only lock in pf that can affect multiple vnets is
pf_end_lock.)

That's especially important for the rules lock, because taking the write
lock suspends all network traffic until it's released. This will reduce
the impact a vnet running pf can have on other vnets, and improve
concurrency on machines running multiple pf-enabled vnets.

Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kp created this revision.Apr 18 2023, 2:13 PM
Herald added subscribers: glebius, melifaro, farrokhi and 2 others. · View Herald TranscriptApr 18 2023, 2:13 PM
kp requested review of this revision.Apr 18 2023, 2:13 PM
Harbormaster completed remote builds in B51004: Diff 120568.Apr 18 2023, 2:13 PM
zlei accepted this revision as: zlei.Apr 18 2023, 3:11 PM
zlei added a subscriber: zlei.

Generally looks good to me.

sys/netpfil/pf/pf_ioctl.c
281

pf_ioctl_lock is not used outside pf_ioctl.c, can be defined as static one.

This revision is now accepted and ready to land.Apr 18 2023, 3:11 PM
Closed by commit rG2e6cdfe29355: pf: change pf_rules_lock and pf_ioctl_lock to per-vnet locks (authored by kp). · Explain WhyApr 19 2023, 7:51 AM
This revision was automatically updated to reflect the committed changes.
kp added a commit: rG2e6cdfe29355: pf: change pf_rules_lock and pf_ioctl_lock to per-vnet locks.

Revision Contents
Changeset List

PathSize
sys/
net/
20 lines
netpfil/
pf/
23 lines

Diff 120627

View Options

sys/net/pfvar.h

Loading...
View Options

sys/netpfil/pf/pf_ioctl.c

Loading...