Date:      Fri, 9 Jul 2021 13:24:25 GMT
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 9e5d987058fe - stable/13 - pf: Reduce the data returned in DIOCGETSTATESNV
Message-ID:  <202107091324.169DOPwo063393@gitrepo.freebsd.org>

The branch stable/13 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=9e5d987058fe79d46d9bc320b05630319bcca225

commit 9e5d987058fe79d46d9bc320b05630319bcca225
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-06-29 08:26:40 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-07-09 08:07:21 +0000

    pf: Reduce the data returned in DIOCGETSTATESNV
    
    This call is particularly slow due to the large amount of data it
    returns. Remove all fields pfctl does not use. There is no functional
    impact to pfctl, but it somewhat speeds up the call.
    
    It might affect other (i.e. non-FreeBSD) code that uses the new
    interface, but this call is very new, so there's unlikely to be any. No
    releases contained the previous version, so we choose to live with the
    ABI modification.
    
    Reviewed by:    donner
    MFC after:      1 week
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D30944
    
    (cherry picked from commit 34285eefddc99c994c3e5374ba7836cc7cfc8e2e)
---
 lib/libpfctl/libpfctl.c | 22 ----------------------
 lib/libpfctl/libpfctl.h | 12 ------------
 sys/netpfil/pf/pf_nv.c  | 34 +---------------------------------
 3 files changed, 1 insertion(+), 67 deletions(-)

diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c
index 52cd0ed7f36c..524e2472238e 100644
--- a/lib/libpfctl/libpfctl.c
+++ b/lib/libpfctl/libpfctl.c
@@ -636,35 +636,15 @@ pfctl_nv_add_state_cmp(nvlist_t *nvl, const char *name,
 	nvlist_destroy(nv);
 }
 
-static void
-pf_nvstate_scrub_to_state_scrub(const nvlist_t *nvl,
-    struct pfctl_state_scrub *scrub)
-{
-	bzero(scrub, sizeof(*scrub));
-
-	scrub->timestamp = nvlist_get_bool(nvl, "timestamp");
-	scrub->ttl = nvlist_get_number(nvl, "ttl");
-	scrub->ts_mod = nvlist_get_number(nvl, "ts_mod");
-}
-
 static void
 pf_nvstate_peer_to_state_peer(const nvlist_t *nvl,
     struct pfctl_state_peer *peer)
 {
 	bzero(peer, sizeof(*peer));
 
-	if (nvlist_exists_nvlist(nvl, "scrub")) {
-		peer->scrub = malloc(sizeof(*peer->scrub));
-		pf_nvstate_scrub_to_state_scrub(
-		    nvlist_get_nvlist(nvl, "scrub"),
-		    peer->scrub);
-	}
-
 	peer->seqlo = nvlist_get_number(nvl, "seqlo");
 	peer->seqhi = nvlist_get_number(nvl, "seqhi");
 	peer->seqdiff = nvlist_get_number(nvl, "seqdiff");
-	peer->max_win = nvlist_get_number(nvl, "max_win");
-	peer->mss = nvlist_get_number(nvl, "mss");
 	peer->state = nvlist_get_number(nvl, "state");
 	peer->wscale = nvlist_get_number(nvl, "wscale");
 }
@@ -721,9 +701,7 @@ pf_nvstate_to_state(const nvlist_t *nvl, struct pfctl_state *s)
 	pf_nvuint_64_array(nvl, "packets", 2, s->packets, NULL);
 	pf_nvuint_64_array(nvl, "bytes", 2, s->bytes, NULL);
 
-	s->log = nvlist_get_number(nvl, "log");
 	s->state_flags = nvlist_get_number(nvl, "state_flags");
-	s->timeout = nvlist_get_number(nvl, "timeout");
 	s->sync_flags = nvlist_get_number(nvl, "sync_flags");
 }
 
diff --git a/lib/libpfctl/libpfctl.h b/lib/libpfctl/libpfctl.h
index a54ee9db6ec7..62866e17f904 100644
--- a/lib/libpfctl/libpfctl.h
+++ b/lib/libpfctl/libpfctl.h
@@ -197,19 +197,10 @@ struct pfctl_kill {
 	bool			kill_match;
 };
 
-struct pfctl_state_scrub {
-	bool		timestamp;
-	uint8_t		ttl;
-	uint32_t	ts_mod;
-};
-
 struct pfctl_state_peer {
-	struct pfctl_state_scrub	*scrub;
 	uint32_t			 seqlo;
 	uint32_t			 seqhi;
 	uint32_t			 seqdiff;
-	uint16_t			 max_win;
-	uint16_t			 mss;
 	uint8_t				 state;
 	uint8_t				 wscale;
 };
@@ -243,10 +234,7 @@ struct pfctl_state {
 	uint32_t		 creation;
 	uint32_t		 expire;
 	uint32_t		 pfsync_time;
-	uint16_t		 tag;
-	uint8_t			 log;
 	uint8_t			 state_flags;
-	uint8_t			 timeout;
 	uint32_t		 sync_flags;
 };
 
diff --git a/sys/netpfil/pf/pf_nv.c b/sys/netpfil/pf/pf_nv.c
index 553290c88586..e52d52642eab 100644
--- a/sys/netpfil/pf/pf_nv.c
+++ b/sys/netpfil/pf/pf_nv.c
@@ -874,52 +874,22 @@ errout:
 	return (NULL);
 }
 
-static nvlist_t *
-pf_state_scrub_to_nvstate_scrub(const struct pf_state_scrub *scrub)
-{
-	nvlist_t *nvl;
-
-	nvl = nvlist_create(0);
-	if (nvl == NULL)
-		return (NULL);
-
-	nvlist_add_bool(nvl, "timestamp", scrub->pfss_flags & PFSS_TIMESTAMP);
-	nvlist_add_number(nvl, "ttl", scrub->pfss_ttl);
-	nvlist_add_number(nvl, "ts_mod", scrub->pfss_ts_mod);
-
-	return (nvl);
-}
-
 static nvlist_t *
 pf_state_peer_to_nvstate_peer(const struct pf_state_peer *peer)
 {
-	nvlist_t *nvl, *tmp;
+	nvlist_t *nvl;
 
 	nvl = nvlist_create(0);
 	if (nvl == NULL)
 		return (NULL);
 
-	if (peer->scrub) {
-		tmp = pf_state_scrub_to_nvstate_scrub(peer->scrub);
-		if (tmp == NULL)
-			goto errout;
-		nvlist_add_nvlist(nvl, "scrub", tmp);
-		nvlist_destroy(tmp);
-	}
-
 	nvlist_add_number(nvl, "seqlo", peer->seqlo);
 	nvlist_add_number(nvl, "seqhi", peer->seqhi);
 	nvlist_add_number(nvl, "seqdiff", peer->seqdiff);
-	nvlist_add_number(nvl, "max_win", peer->max_win);
-	nvlist_add_number(nvl, "mss", peer->mss);
 	nvlist_add_number(nvl, "state", peer->state);
 	nvlist_add_number(nvl, "wscale", peer->wscale);
 
 	return (nvl);
-
-errout:
-	nvlist_destroy(nvl);
-	return (NULL);
 }
 
 nvlist_t *
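Review bot: pf_state_peer_to_nvstate_peer carries no comment saying that the keys it emits (seqlo, seqhi, seqdiff, state, wscale) are a fixed contract with libpfctl's pf_nvstate_peer_to_state_peer, which reads each of them with a bare nvlist_get_number. libnv's getters abort the calling process when a key is absent instead of returning an error, so a consumer built against the earlier field set would abort on `max_win`/`mss` when run against a kernel carrying this change. I would add above the function `/* Keys must stay in sync with pf_nvstate_peer_to_state_peer() in libpfctl: nvlist_get_number() aborts on a missing key. */`, and have libpfctl guard any future optional field with `nvlist_exists_number()` before reading it. The hunk opens in the tail of the preceding function and ends on the return type of the next one, so neither is covered here.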
@@ -989,9 +959,7 @@ pf_state_to_nvstate(const struct pf_state *s)
 
 	nvlist_add_number(nvl, "creatorid", s->creatorid);
 	nvlist_add_number(nvl, "direction", s->direction);
-	nvlist_add_number(nvl, "log", s->log);
 	nvlist_add_number(nvl, "state_flags", s->state_flags);
-	nvlist_add_number(nvl, "timeout", s->timeout);
 	if (s->src_node)
 		flags |= PFSYNC_FLAG_SRCNODE;
 	if (s->nat_src_node)


