Page MenuHomeFreeBSD
Differential D31111

pf: bound DIOCGETSTATESV2 memory use
ClosedPublic
Actions

Authored by kp on Jul 8 2021, 4:27 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Apr 17, 9:22 PM
Unknown Object (File)
Mar 7 2024, 11:31 PM
Unknown Object (File)
Feb 12 2024, 12:53 AM
Unknown Object (File)
Feb 10 2024, 5:26 PM
Unknown Object (File)
Dec 23 2023, 12:30 AM
Unknown Object (File)
Dec 20 2023, 3:00 PM
Unknown Object (File)
Dec 12 2023, 2:54 PM
Unknown Object (File)
Nov 26 2023, 4:42 PM
View All 19 Files
Subscribers
farrokhi
imp
melifaro
mjg

Details

Reviewers
mjg
Group Reviewers
network
pfsense
Commits
rG4feb5667f59d: pf: bound DIOCGETSTATESV2 memory use
rG569798e0824a: pf: bound DIOCGETSTATESV2 memory use
rG3fc12ae04204: pf: bound DIOCGETSTATESV2 memory use
Summary

Rather than allocating however much memory userspace asks for we only
allocate enough for a handful of states, and copy to userspace for each
completed row.
We start out with enough space for 16 states (per row), but grow that as
required. In most configurations we expect at most a handful of states
per row (more than that would have other negative effects on packet
processing performance).

MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kp created this revision.Jul 8 2021, 4:27 PM
Herald added subscribers: melifaro, farrokhi, imp. · View Herald TranscriptJul 8 2021, 4:27 PM
kp requested review of this revision.Jul 8 2021, 4:27 PM
Harbormaster completed remote builds in B40395: Diff 91979.Jul 8 2021, 4:27 PM
kp added a parent revision: D31097: pf: add DIOCGETSTATESV2.Jul 8 2021, 4:28 PM

The previous DIOCGETSTATES call should get the same treatment.

mjg accepted this revision.Jul 8 2021, 6:46 PM
mjg added a subscriber: mjg.

This is a little simplistic as it could load up more and be faster for it, but it is a step forward.

This revision is now accepted and ready to land.Jul 8 2021, 6:46 PM
kp added a comment.Jul 8 2021, 7:13 PM
In D31111#699939, @mjg wrote:

This is a little simplistic as it could load up more and be faster for it, but it is a step forward.

We're at about 3 seconds for a million states with this version, so I'd prefer to keep it as simple as possible.

Closed by commit rG3fc12ae04204: pf: bound DIOCGETSTATESV2 memory use (authored by kp). · Explain WhyJul 9 2021, 9:17 AM
This revision was automatically updated to reflect the committed changes.
kp added a commit: rG3fc12ae04204: pf: bound DIOCGETSTATESV2 memory use.
kp added a commit: rG569798e0824a: pf: bound DIOCGETSTATESV2 memory use.Jul 16 2021, 11:55 AM
kp added a commit: rG4feb5667f59d: pf: bound DIOCGETSTATESV2 memory use.

Revision Contents
Changeset List

PathSize
sys/
netpfil/
pf/
48 lines

Diff 92000

View Options

sys/netpfil/pf/pf_ioctl.c

Loading...