Page MenuHomeFreeBSD
Differential D24803

pf: Don't allocate per-table entry counters unless requested.
ClosedPublic
Actions

Authored by markj on May 10 2020, 10:13 PM.
Tags
None
Referenced Files
F82064966: D24803.diff
Thu, Apr 25, 4:52 AM
Unknown Object (File)
Mon, Apr 15, 3:01 AM
Unknown Object (File)
Wed, Apr 10, 8:45 PM
Unknown Object (File)
Tue, Apr 2, 12:54 PM
Unknown Object (File)
Feb 27 2024, 2:00 AM
Unknown Object (File)
Jan 9 2024, 6:43 PM
Unknown Object (File)
Jan 1 2024, 5:14 AM
Unknown Object (File)
Jan 1 2024, 5:14 AM
View All 38 Files
Subscribers
farrokhi
imp
melifaro

Details

Reviewers
kp
glebius
Group Reviewers
manpages
Commits
rS360903: pf: Don't allocate per-table entry counters unless required.
Summary

pf by default does not do table address accounting unless the "counters"
keyword is specified in the corresponding pf.conf entry. (There doesn't
appear to be a way to specify this at all when adding a table using
pfctl directly.) Yet, we always allocate counters. For large tables,
the memory overhead of the counters is quite significant since we
allocate 12 per table entry. (Plus 12 pointers in the table entry itself.)
Moreover, reloading a table definition from pf.conf causes all counters
to be zeroed, which corresponds to 12 SMP rendezvous operations per
entry, while holding the rules lock.

A further refinement might add a pfr_kentry counter array UMA zone, so
that we can allocate a contiguous array of counters and thus reduce
pointer overhead. We should also try to find a way to reduce the
overhead of counter zeroing.

Mitigate the problem by checking for PFR_TFLAG_COUNTERS before
performing any allocation.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj created this revision.May 10 2020, 10:13 PM
Herald added subscribers: melifaro, farrokhi. · View Herald TranscriptMay 10 2020, 10:13 PM
markj requested review of this revision.May 10 2020, 10:13 PM
Harbormaster completed remote builds in B31020: Diff 71626.May 10 2020, 10:13 PM
markj added reviewers: kp, glebius.May 10 2020, 10:14 PM
markj edited the summary of this revision. (Show Details)
kp accepted this revision.May 11 2020, 7:52 AM

It'd be nice (but it's not required for this to proceed) to have a test to exercise this, i.e. create a table with counters, send some traffic through, check that the counters incremented.

This revision is now accepted and ready to land.May 11 2020, 7:52 AM
markj added a comment.May 11 2020, 3:07 PM
In D24803#545731, @kp wrote:

It'd be nice (but it's not required for this to proceed) to have a test to exercise this, i.e. create a table with counters, send some traffic through, check that the counters incremented.

Ok, I will write one.

Closed by commit rS360903: pf: Don't allocate per-table entry counters unless required. (authored by markj). · Explain WhyMay 11 2020, 6:47 PM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rS360903: pf: Don't allocate per-table entry counters unless required..
Herald added a reviewer: manpages. · View Herald TranscriptMay 11 2020, 6:47 PM
Herald added a subscriber: imp. · View Herald Transcript

Revision Contents
Changeset List

PathSize
head/
share/
man/
man5/
1 line
sys/
netpfil/
pf/
106 lines

Diff 71642

View Options

head/share/man/man5/pf.conf.5

Loading...
View Options

head/sys/netpfil/pf/pf_table.c

Loading...