Page MenuHomeFreeBSD
Differential D24803

pf: Don't allocate per-table entry counters unless requested.
ClosedPublic
Actions

Authored by markj on May 10 2020, 10:13 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Dec 8, 6:25 PM
Unknown Object (File)
Nov 29 2024, 7:37 AM
Unknown Object (File)
Nov 29 2024, 7:37 AM
Unknown Object (File)
Nov 25 2024, 4:02 AM
Unknown Object (File)
Nov 24 2024, 7:58 AM
Unknown Object (File)
Nov 23 2024, 4:15 AM
Unknown Object (File)
Nov 20 2024, 12:09 PM
Unknown Object (File)
Nov 19 2024, 11:59 AM
View All Files
Subscribers
farrokhi
imp
melifaro

Details

Reviewers
kp
glebius
Group Reviewers
manpages
Commits
rS360903: pf: Don't allocate per-table entry counters unless required.
Summary

pf by default does not do table address accounting unless the "counters"
keyword is specified in the corresponding pf.conf entry. (There doesn't
appear to be a way to specify this at all when adding a table using
pfctl directly.) Yet, we always allocate counters. For large tables,
the memory overhead of the counters is quite significant since we
allocate 12 per table entry. (Plus 12 pointers in the table entry itself.)
Moreover, reloading a table definition from pf.conf causes all counters
to be zeroed, which corresponds to 12 SMP rendezvous operations per
entry, while holding the rules lock.

A further refinement might add a pfr_kentry counter array UMA zone, so
that we can allocate a contiguous array of counters and thus reduce
pointer overhead. We should also try to find a way to reduce the
overhead of counter zeroing.

Mitigate the problem by checking for PFR_TFLAG_COUNTERS before
performing any allocation.

Diff Detail

Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 31020
Build 28726: arc lint + arc unit

Event Timeline

markj created this revision.May 10 2020, 10:13 PM
Herald added subscribers: melifaro, farrokhi. · View Herald TranscriptMay 10 2020, 10:13 PM
markj requested review of this revision.May 10 2020, 10:13 PM
Harbormaster completed remote builds in B31020: Diff 71626.May 10 2020, 10:13 PM
markj added reviewers: kp, glebius.May 10 2020, 10:14 PM
markj edited the summary of this revision. (Show Details)
kp accepted this revision.May 11 2020, 7:52 AM

It'd be nice (but it's not required for this to proceed) to have a test to exercise this, i.e. create a table with counters, send some traffic through, check that the counters incremented.

This revision is now accepted and ready to land.May 11 2020, 7:52 AM
markj added a comment.May 11 2020, 3:07 PM
In D24803#545731, @kp wrote:

It'd be nice (but it's not required for this to proceed) to have a test to exercise this, i.e. create a table with counters, send some traffic through, check that the counters incremented.

Ok, I will write one.

Closed by commit rS360903: pf: Don't allocate per-table entry counters unless required. (authored by markj). · Explain WhyMay 11 2020, 6:47 PM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rS360903: pf: Don't allocate per-table entry counters unless required..
Herald added a reviewer: manpages. · View Herald TranscriptMay 11 2020, 6:47 PM
Herald added a subscriber: imp. · View Herald Transcript

Revision Contents
Changeset List

PathSize
share/
man/
man5/
1 line
sys/
netpfil/
pf/
106 lines

Diff 71626

View Options

share/man/man5/pf.conf.5

Loading...
View Options

sys/netpfil/pf/pf_table.c

Loading...