HomeFreeBSD
Diffusion FreeBSD src repository 20c4899a8eea

pf: Do not hold PF_RULES_RLOCK while processing Ethernet rules
20c4899a8eea
Actions

Description

pf: Do not hold PF_RULES_RLOCK while processing Ethernet rules

Avoid the overhead of acquiring a (read) RULES lock when processing the
Ethernet rules.
We can get away with that because when rules are modified they're staged
in V_pf_keth_inactive. We take care to ensure the swap to V_pf_keth is
atomic, so that pf_test_eth_rule() always sees either the old rules, or
the new ruleset.

We need to take care not to delete the old ruleset until we're sure no
pf_test_eth_rule() is still running with those. We accomplish that by
using NET_EPOCH_CALL() to actually free the old rules.

Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D31739

Details

Provenance
kpAuthored on Feb 10 2021, 12:28 PM
Differential Revision
D31739: pf: Do not hold PF_RULES_RLOCK while processing Ethernet rules
Parents
rG2b29ceb86f50: pfctl: Print Ethernet rules
Branches
Unknown
Tags
Unknown

Changes (4)

PathSize
sys/
net/
netpfil/
pf/

rG20c4899a8eea

View Options

sys/net/pfvar.h

Loading...
View Options

sys/netpfil/pf/pf.c

Loading...
View Options

sys/netpfil/pf/pf_ioctl.c

Loading...
View Options

sys/netpfil/pf/pf_ruleset.c

Loading...