Page MenuHomeFreeBSD
Differential D51329

pf: delay taking the rules lock in pf_test()
ClosedPublic
Actions

Authored by kp on Jul 15 2025, 3:34 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Oct 14, 11:40 AM
Unknown Object (File)
Tue, Oct 14, 11:40 AM
Unknown Object (File)
Tue, Oct 14, 11:40 AM
Unknown Object (File)
Mon, Oct 13, 9:33 PM
Unknown Object (File)
Fri, Sep 26, 12:59 AM
Unknown Object (File)
Thu, Sep 18, 6:57 AM
Unknown Object (File)
Sep 17 2025, 7:26 AM
Unknown Object (File)
Sep 14 2025, 11:04 AM
View All 26 Files
Subscribers
farrokhi
glebius
imp
melifaro
vegeta_tuxpowered.net

Details

Reviewers
glebius
Group Reviewers
network
pfsense
Commits
rGd00f66feaa17: pf: delay taking the rules lock in pf_test()
Summary

We don't need the rules lock to protect the mbuf, or even the kif. If an
interface is removed (which is the only way for a kif to go away) we're not
going to receive traffic on it.

We can't delay taking the lock more, because pf_setup_pdesc() calls the
normalisation code, which iterates the scrub rules. If we ever get rid of those
(as OpenBSD has) it should be possible to delay taking the rules lock until we
actually need to iterate of the rules. That is, we might be able to avoid taking
it at all if we match an existing state.

Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sys/
netpfil/
pf/
14 lines

Diff 158595

View Options

sys/netpfil/pf/pf.c

Loading...