Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 27 Apr 2009 17:37:36 +0000 (UTC)
From:      Oleg Bulyzhin <oleg@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r191570 - head/sys/netinet
Message-ID:  <200904271737.n3RHbaLL021373@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: oleg
Date: Mon Apr 27 17:37:36 2009
New Revision: 191570
URL: http://svn.freebsd.org/changeset/base/191570

Log:
  Optimize packet flow: if net.inet.ip.fw.one_pass != 0 and packet was
  processed by ipfw once - avoid second ipfw_chk() call.
  This saves us from unnecessary IPFW_RLOCK(), m_tag_find() calls and
  ip/tcp/udp header parsing.
  
  MFC after:	2 month

Modified:
  head/sys/netinet/ip_fw2.c
  head/sys/netinet/ip_fw_pfil.c

Modified: head/sys/netinet/ip_fw2.c
==============================================================================
--- head/sys/netinet/ip_fw2.c	Mon Apr 27 17:36:41 2009	(r191569)
+++ head/sys/netinet/ip_fw2.c	Mon Apr 27 17:37:36 2009	(r191570)
@@ -2515,16 +2515,7 @@ do {									\
 		/*
 		 * Packet has already been tagged. Look for the next rule
 		 * to restart processing.
-		 *
-		 * If fw_one_pass != 0 then just accept it.
-		 * XXX should not happen here, but optimized out in
-		 * the caller.
 		 */
-		if (V_fw_one_pass) {
-			IPFW_RUNLOCK(chain);
-			return (IP_FW_PASS);
-		}
-
 		f = args->rule->next_rule;
 		if (f == NULL)
 			f = lookup_next_rule(args->rule, 0);

Modified: head/sys/netinet/ip_fw_pfil.c
==============================================================================
--- head/sys/netinet/ip_fw_pfil.c	Mon Apr 27 17:36:41 2009	(r191569)
+++ head/sys/netinet/ip_fw_pfil.c	Mon Apr 27 17:37:36 2009	(r191570)
@@ -51,7 +51,6 @@ __FBSDID("$FreeBSD$");
 #include <sys/ucred.h>
 #include <sys/vimage.h>
 
-#define _NET_IF_VAR_H_	/* we don't want if_var.h, only if.h */
 #include <net/if.h>
 #include <net/route.h>
 #include <net/pfil.h>
@@ -63,6 +62,7 @@ __FBSDID("$FreeBSD$");
 #include <netinet/ip_fw.h>
 #include <netinet/ip_divert.h>
 #include <netinet/ip_dummynet.h>
+#include <netinet/vinet.h>
 
 #include <netgraph/ng_ipfw.h>
 
@@ -131,10 +131,14 @@ again:
 
 	args.m = *m0;
 	args.inp = inp;
-	ipfw = ipfw_chk(&args);
-	*m0 = args.m;
 	tee = 0;
 
+	if (V_fw_one_pass == 0 || args.rule == NULL) {
+		ipfw = ipfw_chk(&args);
+		*m0 = args.m;
+	} else
+		ipfw = IP_FW_PASS;
+		
 	KASSERT(*m0 != NULL || ipfw == IP_FW_DENY, ("%s: m0 is NULL",
 	    __func__));
 
@@ -257,10 +261,14 @@ again:
 	args.m = *m0;
 	args.oif = ifp;
 	args.inp = inp;
-	ipfw = ipfw_chk(&args);
-	*m0 = args.m;
 	tee = 0;
 
+	if (V_fw_one_pass == 0 || args.rule == NULL) {
+		ipfw = ipfw_chk(&args);
+		*m0 = args.m;
+	} else
+		ipfw = IP_FW_PASS;
+
 	KASSERT(*m0 != NULL || ipfw == IP_FW_DENY, ("%s: m0 is NULL",
 	    __func__));
 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200904271737.n3RHbaLL021373>