Small comestic proposal (check my 2 comments).

It's okay, portlint is just an helper tool and didn't catch this port complexity.

Don't know what is a "mad64" arch, but it's okay :)-

It's ok, but because the sources provides the license file (LICENSE), you should add a LICENSE_FILE=

I didn't rebuild the full doc for testing error syntax, but by reading all of your changes it seems okay.

Does a "LICENSE= NONE" valid in this case ? (avoid complains from portlint -A)

Mmm… your email is not updated into the MAINTAINER field on this port: Your commit r448911 correctly updated all your email: Does this mean your are working on a non-updated local source tree ?

Good: You correctly used the good capitalization rule for "FreeBSD" :-)

How do you measure the 25% performance increase ?

About 30% performance drop regression (from 2.8Mpps to 1.8Mpps) during forwarding of smallest packet:

In D11476#238004, @ae wrote:

From a quick look, the iflib code does not bind irq to CPU cores. The old em/igb drivers did that and I guess, if you add bus_bind_intr() again, this will increase the performance.

In D11476#237649, @krzysztof.galazka_intel.com wrote:

@olivier - Could you tell me what tools do you use? I'd like to check if forwarding performance on other HW is also affected.

On the first platform: PC Engines APU2C4 (quad core AMD GX-412T Processor 1 GHz), 3 Intel i210AT Gigabit Ethernet ports

• LRO/TSO disabled
• harvest.mask=351
• 2000 flows of smallest UDP packets
• Traffic load at 1.448Mpps (Gigabit line-rate)

I've tested this patch on a setup where this feature is usefull: Using Mediation (NAT hole punching) feature of Strongswan for connecting 2 sites with IPSec, each site behind a NAT box (https://bsdrp.net/documentation/examples/strongswan_ipsec_mediation_feature).
Previously I had to use nat keyword "static-port" into pf line configuration for "helping" pf to keept original UDP source port, then allowing this feature to work.
With this patch, a standard pf nat (without any option) allow to create NAT hole: I don't think it's a "security downgrade" problem, because NAT was never desing for security.

I like it: It's work :-)
Some potential improvement:

• allowing to configure just the rule number (01000) in place of having to declaring the full rule line
• Cosmetic: Setting a name to the ksocket, like export-flow or something like that (it just help to describe a little-better the graphiz).

The updated code should answer to all remarks.
About the sys/modules/Makefile diff: I've synced my FreeBSD src tree to the last revision which updated this file, and when I've updated this review it had included by mistake the change.

Author update his patch and addressed most of the phabricator comments and update it for supporting APU1,2 and 3 boards.

Ok then with one stateless rules:

In D10154#211425, @ae wrote:

I think some performance increasing is possible with static rules.

With a simple ipfw.conf file:

Good catch about only reassembling IPv4 traffic.

More information about this problem created with local_unbound (that add DNSSEC support to DNS query) AND "firewall workstation" mode.

In D9721#204783, @adrian wrote:

Can you compare the sender counters to the receiver counters? ie, is the sender actually queuing and TX'ing 600kpps, or is it something stupid like pause frames causing it to be dropped on output?

In D9721#204567, @adrian wrote:

Olliver - interestingly in your test, netisr chews a whole core and it doesn't allow any other NIC processing to go on on that CPU. Hm! That may be why the input pps is lower, we're dropping 1/4 of the flows really early. CAn you post the igb sysctl output? That is from the hardware..

I was sending 2000 UDP flows at gigabit line rate (1.48Mpps):

In D9721#204270, @ae wrote:

In D9721#204264, @olivier wrote:

• 5 416795 440933.5 423271 426451.8 9207.3367 Difference at 95.0% confidence -122302 +/- 9631.37 -22.2872% +/- 1.74536% (Student's t, pooled s = 6603.87)

Have you observed the packet loss in the netstat -Q statistics? I guess it is possible on such packet rate with default queue length.

With netisr is enabled on this 64bits platform, performance decrease about 22%:

Here is the benefit on standard server:

On a router/firewall use case: About -13% performance drop (4 cores Intel Xeon L5630 with Intel 82599EB NIC)

This patch correctly fix the buildworld with WITHOUT_ZFS=