Please use standard C type uint32_t in the new code.

uint32_t

I really don't see how this speed things up except for negative lookups, which normally do not happen. What about not including this arguable ng_bridge_findhook optimization into the changeset and discuss that separately? Seems not necessary for the hooks autonaming.

Should be declared returning a pointer to const data.

Can also be declared const..

This can be coded as

.len = sizeof(hook_prefix[0].prefix)

I'd suggest to make the prefixes public to the rest of the file, this will allow to avoid black magic comparisons like isUplink = (name[0] == 'u'); in the newhook method.

Suggested code that should be located right after struct ng_link_prefix declaration around line 150:

static const struct ng_link_prefix link_pfx = {
       .prefix = NG_BRIDGE_HOOK_LINK_PREFIX,
       .len = sizeof(link_pfx.prefix),
};
static const struct ng_link_prefix uplink_pfx = {
        .prefix = NG_BRIDGE_HOOK_UPLINK_PREFIX,
        .len = sizeof(uplink_pfx.prefix),
};

static const struct ng_link_prefix *
ng_get_link_prefix(const char *name)
{
          static const struct ng_link_prefix *pfxs[] = { &link_pfx, &uplink_pfx, };

          for (u_int i = 0; i < nitems(pfxs); i++)
                if (strncmp(pfxs[i]->prefix, name, pfxs[i]->len) == 0)
                            return (pfxs[i]);

           return (0);
}

Then in the newhook/connect methods, you can compare like isUplink = (pfx == &uplink_pfx) instead of black magic.

Maybe add "eiface" too? But it’s better to consider the bhyve part in a separate review.

Modern compilers catch this moment. But at the very least I am against mixing different styles for comparison within the same unit.

Ditto.

will change

will change

agreed will remove as normal logic is still fine.

will change

well i'm taking your bigger suggestion below but otherwise would change ;)

This is where you are wrong. that gives you the size of a pointer and led me to many a panic for a while there. I'm using sizeof for compile time determination of a string length.

.len = sizeof(uplink_pfx.prefix)

That unfortunately gives a size of the pointer. What I want is the strlen() but at compile time. So I do need:

.len = sizeof(DEFINED_STRING) -1 /* added the \0 and we don't want */

but otherwise totally taking all advise on this.

I'm going to pull byhve out of this review. It isn't required to be in same patch (or indeed at all to get what I'm after).

Given that ng_add_hook() always does a check for a hook with the user supplied new name, that shall never happen. Since you do strtoul+snprintf+strcmp check, you make sure that synthesized hook name is equal to user supplied name. If we are past strcmp() we are sure a hook with such a name doesn't exist, that means unr shall not be allocated.

Can you please check that you can't intentionally hit this EINVAL and you always get either EEXIST from ng_add_hook() or EINVAL from the strcmp above? If so, than better to make a KASSERT() that alloc_unr_specific() always succeeds.

Yep, you are right, and looks like there is no way to put a proper value at compile time except using DEFINED_STRING for a second time. If I use sizeof(*uplink_pfx.profix) I'd get 1.

IMHO, this paragraph should be placed earlier, after line 82. It should also be more verbose. IMHO. If you don't mind, I will edit the manual page before committing.

I would appreciate that. Thank you!

There is exactly one case where this can fail: uplink0 was requested.

That will get by the strcmp() of the default ng_findhook() in ng_base.c because it can't be on the list. It also has a valid prefix.
But look at like 347: the unr(9) is initialized with a start value of 1 so it will reject a 0.

I think the fact you asked about it means it is not obvious and I should go back to this:

if (linkNum == 0 && isUplink)
		return (EINVAL);

Then I would not need to check the return value if that came first.

At minimum this may deserve a comment. Let me know what you prefer and I'll change.

I went ahead and did change back and retested. I was just over eager to use return value of alloc_unr_specific for no reason after I realized I could initialize the uplink unr(9) to start counting at 1. It was objectively a bad change and the original test is better.

Let's assert that alloc_unr* is always successful.

You never tested this with a debugging kernel, did you? alloc_unr_specific() can sleep.

I tested this patch on CURRENT with debug enabled. Can you provide more information?

Where did the restriction come from that you can’t sleep in the context of creating a hook?

Atleast, I know one more node where allocation occurs when creating a hook with M_WAITOK.

Also, if NGM_MKPEER is used, then in one context, a new node is first created with a call to the constructor in which sleeping is allowed, and then the newhook() is called.

I must confess I did not test with debugging kernel. I tested on 14/stable and CURRENT but not debug.

I was aware from the man page that it could sleep but was unaware this is an issue for same reasons Aleksandr mentioned.

Originally I was keeping a sorted linked list of hooks but that code was so much more convoluted than using unr(9) and letting ng_base place the hook on an unsorted list. What issue(s) are you seeing with the sleep?

In some cases this function is called by one of the netgraph threads while in an epoch section:

sys/netgraph/bridge:many_unicasts  ->  panic: malloc(M_WAITOK) with sleeping prohibited
cpuid = 1                                                                      
time = 1713559142                                                              
KDB: stack backtrace:                                                          
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00afc66af0
vpanic() at vpanic+0x135/frame 0xfffffe00afc66c20
panic() at panic+0x43/frame 0xfffffe00afc66c80
malloc_dbg() at malloc_dbg+0xe2/frame 0xfffffe00afc66ca0
malloc() at malloc+0x2c/frame 0xfffffe00afc66ce0
alloc_unr_specific() at alloc_unr_specific+0x42/frame 0xfffffe00afc66d30       
ng_bridge_newhook() at ng_bridge_newhook+0x118/frame 0xfffffe00afc66db0
ng_con_part2() at ng_con_part2+0x9b/frame 0xfffffe00afc66df0
ng_apply_item() at ng_apply_item+0x195/frame 0xfffffe00afc66e80
ngthread() at ngthread+0x26a/frame 0xfffffe00afc66ef0
fork_exit() at fork_exit+0x82/frame 0xfffffe00afc66f30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00afc66f30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---

It doesn't happen deterministically.

ngthread() has a workaround to avoid entering an epoch section for certain message types, precisely to avoid this constraint, but it apparently doesn't apply here.

I think I understand what's going on. When connecting hooks, ng_send_fn2 is used (https://github.com/freebsd/freebsd-src/blob/main/sys/netgraph/ng_base.c#L1516C15-L1516C26) which queues an ng_item with type NGQF_FN2. Therefore, the workaround does not work because it only checks for NGQF_MESG.

This is non-deterministic because the ng_item is placed on the queue unless it is empty or it is explicitly stated that it is necessary. Then ngthread() starts processing items.

Therefore, we can prohibit the processing of all non-NGQF_DATA ng_item's in the context of no epochs. Which I think is right.

diff --git a/sys/netgraph/ng_base.c b/sys/netgraph/ng_base.c
index 5bff0663e03e..5567d875e47f 100644
--- a/sys/netgraph/ng_base.c
+++ b/sys/netgraph/ng_base.c
@@ -3440,9 +3440,9 @@ ngthread(void *arg)
                                NG_QUEUE_UNLOCK(&node->nd_input_queue);
                                NGI_GET_NODE(item, node); /* zaps stored node */
 
-                               if ((item->el_flags & NGQF_TYPE) == NGQF_MESG) {
+                               if ((item->el_flags & NGQF_TYPE) != NGQF_DATA) {
                                        /*
-                                        * NGQF_MESG items should never be processed in
+                                        * NGQF_MESG, NGQF_FN1 and NGQF_FN2 items should never be processed in
                                         * NET_EPOCH context. So, temporary exit from EPOCH.
                                         */
                                        NET_EPOCH_EXIT(et);

I'm sure that that patch will make the panic go away, but why is it ok to exit the net epoch?

Looks like you have the fix. Is there anything more I can do to assist since I introduced the panic?

I'm sure that that patch will make the panic go away, but why is it ok to exit the net epoch?

The main problem is that the node has one queue (node::nd_input_queue) in which ng_item's of different types are added. ngthread() process this queue in a loop and calls ng_apply_item() for all types in the NET_EPOCH context, which is incorrect, because for example, processing an item of the type NGQF_MESG can cause malloc with M_WAITOK.

But, in most cases (hot path), the queue contains items with the NGQF_DATA type, so we call NET_EPOCH_ENTER outside the loop. Therefore, in the previous change (https://github.com/freebsd/freebsd-src/commit/0e6e2c4ef3d1244fa21e7b691e76fdc09f8eacae), I added NET_EPOCH_EXIT/NET_EPOCH_ENTER inside the loop for optimization.

I understand the problem. Let me ask a different way: why do we enter the net epoch at all?

I think this is the status quo now. Entrance nodes (and ngthread()) are responsible for entering the epoch, the exit nodes are not.

If we don't enter the epoch, exit nodes may call code from the network stack that requires the epoch.

There is also an idea that eventually netgraph internal synchronization shall be converted to epoch.

Maybe, @glebius will give additional information.

All correct. And I think that your suggested patch to ng_base.c will make things better. Still very far from perfect, though.

netgraph(4) definitely needs a deep refactor to modern kernel, hopefully GSoC will provide us with at least a PoC. Meanwhile, let's check in your patch.