Date: Tue, 5 Feb 2002 17:53:19 +0300 (MSK) From: wawa@yandex-team.ru To: FreeBSD-gnats-submit@freebsd.org Subject: kern/34639: IPFW skipto works too slow Message-ID: <200202051453.g15ErJM09362@shaper.yandex.ru>
next in thread | raw e-mail | index | archive | help
>Number: 34639
>Category: kern
>Synopsis: IPFW skipto works too slow
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Feb 05 07:10:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Vladimir Ivanov
>Release: FreeBSD 5.0-CURRENT i386
>Organization:
OOO Yandex
>Environment:
System: FreeBSD shaper.yandex.ru 5.0-CURRENT FreeBSD 5.0-CURRENT #3: Mon Feb 4 13:34:01 MSK 2002 wawa@shaper.yandex.ru:/usr/src/sys/compile/TEST i386
>Description:
The original implementation of skipto rule use brute-force to find the appropriate rule.
The suggested implementation use indexed access.
>How-To-Repeat:
>Fix:
--- ip_fw.c.original Fri Mar 9 11:13:08 2001
+++ ip_fw.c.hacked_by_wawa Tue Feb 5 17:44:56 2002
@@ -108,6 +108,8 @@
SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose_limit, CTLFLAG_RW,
&fw_verbose_limit, 0, "Set upper limit of matches of ipfw rules logged");
+static struct ip_fw_chain *skiptohash[IPFW_DEFAULT_RULE];
+
/*
* Extension for stateful ipfw.
*
@@ -903,9 +905,8 @@
int rule = me->rule->fw_skipto_rule ; /* guess... */
if ( (me->rule->fw_flg & IP_FW_F_COMMAND) == IP_FW_F_SKIPTO )
- for (chain = LIST_NEXT(me,next); chain ; chain = LIST_NEXT(chain,next))
- if (chain->rule->fw_number >= rule)
- return chain ;
+ return skiptohash[rule];
+
return LIST_NEXT(me,next) ; /* failure or not a skipto */
}
@@ -1056,8 +1057,8 @@
if (skipto != 0) {
if (skipto >= IPFW_DEFAULT_RULE)
goto dropit;
- while (chain && chain->rule->fw_number <= skipto)
- chain = LIST_NEXT(chain, next);
+ chain = skiptohash[skipto];
+
if (chain == NULL)
goto dropit;
}
@@ -1528,6 +1529,8 @@
nbr += 100;
ftmp->fw_number = frwl->fw_number = nbr;
}
+ /* save the pointer in hash */
+ skiptohash[ftmp->fw_number] = fwc;
/* Got a valid number; now insert it, keeping the list ordered */
LIST_FOREACH(fcp, chainptr, next) {
@@ -1561,6 +1564,7 @@
/* prevent access to rules while removing them */
s = splnet();
+ skiptohash[number] = NULL;
while (fcp && fcp->rule->fw_number == number) {
struct ip_fw_chain *next;
@@ -1897,6 +1901,7 @@
case IP_FW_FLUSH:
s = splnet();
remove_dyn_rule(NULL, 1 /* force delete */);
+ memset(skiptohash,0,sizeof(skiptohash));
splx(s);
while ( (fcp = LIST_FIRST(&ip_fw_chain_head)) &&
fcp->rule->fw_number != IPFW_DEFAULT_RULE ) {
@@ -2044,6 +2049,7 @@
return 0;
case MOD_UNLOAD:
s = splnet();
+ memset(skiptohash, 0, sizeof(skiptohash));
ip_fw_chk_ptr = old_chk_ptr;
ip_fw_ctl_ptr = old_ctl_ptr;
remove_dyn_rule(NULL, 1 /* force delete */);
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200202051453.g15ErJM09362>