Date: Tue, 5 Feb 2002 17:53:19 +0300 (MSK) From: wawa@yandex-team.ru To: FreeBSD-gnats-submit@freebsd.org Subject: kern/34639: IPFW skipto works too slow Message-ID: <200202051453.g15ErJM09362@shaper.yandex.ru>
next in thread | raw e-mail | index | archive | help
>Number: 34639 >Category: kern >Synopsis: IPFW skipto works too slow >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Tue Feb 05 07:10:01 PST 2002 >Closed-Date: >Last-Modified: >Originator: Vladimir Ivanov >Release: FreeBSD 5.0-CURRENT i386 >Organization: OOO Yandex >Environment: System: FreeBSD shaper.yandex.ru 5.0-CURRENT FreeBSD 5.0-CURRENT #3: Mon Feb 4 13:34:01 MSK 2002 wawa@shaper.yandex.ru:/usr/src/sys/compile/TEST i386 >Description: The original implementation of skipto rule use brute-force to find the appropriate rule. The suggested implementation use indexed access. >How-To-Repeat: >Fix: --- ip_fw.c.original Fri Mar 9 11:13:08 2001 +++ ip_fw.c.hacked_by_wawa Tue Feb 5 17:44:56 2002 @@ -108,6 +108,8 @@ SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose_limit, CTLFLAG_RW, &fw_verbose_limit, 0, "Set upper limit of matches of ipfw rules logged"); +static struct ip_fw_chain *skiptohash[IPFW_DEFAULT_RULE]; + /* * Extension for stateful ipfw. * @@ -903,9 +905,8 @@ int rule = me->rule->fw_skipto_rule ; /* guess... */ if ( (me->rule->fw_flg & IP_FW_F_COMMAND) == IP_FW_F_SKIPTO ) - for (chain = LIST_NEXT(me,next); chain ; chain = LIST_NEXT(chain,next)) - if (chain->rule->fw_number >= rule) - return chain ; + return skiptohash[rule]; + return LIST_NEXT(me,next) ; /* failure or not a skipto */ } @@ -1056,8 +1057,8 @@ if (skipto != 0) { if (skipto >= IPFW_DEFAULT_RULE) goto dropit; - while (chain && chain->rule->fw_number <= skipto) - chain = LIST_NEXT(chain, next); + chain = skiptohash[skipto]; + if (chain == NULL) goto dropit; } @@ -1528,6 +1529,8 @@ nbr += 100; ftmp->fw_number = frwl->fw_number = nbr; } + /* save the pointer in hash */ + skiptohash[ftmp->fw_number] = fwc; /* Got a valid number; now insert it, keeping the list ordered */ LIST_FOREACH(fcp, chainptr, next) { @@ -1561,6 +1564,7 @@ /* prevent access to rules while removing them */ s = splnet(); + skiptohash[number] = NULL; while (fcp && fcp->rule->fw_number == number) { struct ip_fw_chain *next; @@ -1897,6 +1901,7 @@ case IP_FW_FLUSH: s = splnet(); remove_dyn_rule(NULL, 1 /* force delete */); + memset(skiptohash,0,sizeof(skiptohash)); splx(s); while ( (fcp = LIST_FIRST(&ip_fw_chain_head)) && fcp->rule->fw_number != IPFW_DEFAULT_RULE ) { @@ -2044,6 +2049,7 @@ return 0; case MOD_UNLOAD: s = splnet(); + memset(skiptohash, 0, sizeof(skiptohash)); ip_fw_chk_ptr = old_chk_ptr; ip_fw_ctl_ptr = old_ctl_ptr; remove_dyn_rule(NULL, 1 /* force delete */); >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200202051453.g15ErJM09362>