1
0
mirror of https://git.FreeBSD.org/src.git synced 2025-01-09 13:42:56 +00:00
Mirror of the FreeBSD src repository https://git.FreeBSD.org/src.git .
Go to file
Luigi Rizzo de240d1013 merge code from ipfw3-head to reduce contention on the ipfw lock
and remove all O(N) sequences from kernel critical sections in ipfw.

In detail:

 1. introduce a IPFW_UH_LOCK to arbitrate requests from
     the upper half of the kernel. Some things, such as 'ipfw show',
     can be done holding this lock in read mode, whereas insert and
     delete require IPFW_UH_WLOCK.

  2. introduce a mapping structure to keep rules together. This replaces
     the 'next' chain currently used in ipfw rules. At the moment
     the map is a simple array (sorted by rule number and then rule_id),
     so we can find a rule quickly instead of having to scan the list.
     This reduces many expensive lookups from O(N) to O(log N).

  3. when an expensive operation (such as insert or delete) is done
     by userland, we grab IPFW_UH_WLOCK, create a new copy of the map
     without blocking the bottom half of the kernel, then acquire
     IPFW_WLOCK and quickly update pointers to the map and related info.
     After dropping IPFW_LOCK we can then continue the cleanup protected
     by IPFW_UH_LOCK. So userland still costs O(N) but the kernel side
     is only blocked for O(1).

  4. do not pass pointers to rules through dummynet, netgraph, divert etc,
     but rather pass a <slot, chain_id, rulenum, rule_id> tuple.
     We validate the slot index (in the array of #2) with chain_id,
     and if successful do a O(1) dereference; otherwise, we can find
     the rule in O(log N) through <rulenum, rule_id>

All the above does not change the userland/kernel ABI, though there
are some disgusting casts between pointers and uint32_t

Operation costs now are as follows:

  Function				Old	Now	  Planned
-------------------------------------------------------------------
  + skipto X, non cached		O(N)	O(log N)
  + skipto X, cached			O(1)	O(1)
XXX dynamic rule lookup			O(1)	O(log N)  O(1)
  + skipto tablearg			O(N)	O(1)
  + reinject, non cached		O(N)	O(log N)
  + reinject, cached			O(1)	O(1)
  + kernel blocked during setsockopt()	O(N)	O(1)
-------------------------------------------------------------------

The only (very small) regression is on dynamic rule lookup and this will
be fixed in a day or two, without changing the userland/kernel ABI

Supported by: Valeria Paoli
MFC after:	1 month
2009-12-22 19:01:47 +00:00
bin Plug a memory leak. 2009-12-21 19:18:27 +00:00
cddl Apply fix Solaris bug 6462803 zfs snapshot -r failed because 2009-12-19 11:43:39 +00:00
contrib Merge 4.2.4p8 into contrib (r200452 & r200454). 2009-12-15 14:58:10 +00:00
crypto Disable SSL renegotiation in order to protect against a serious 2009-12-03 09:18:40 +00:00
etc rc.subr: Use pwait in wait_for_pids. 2009-12-21 22:16:07 +00:00
games Fix a performance bug in factor(6). 2009-11-26 00:38:13 +00:00
gnu Fix one spelling and one copy&paste error in comments. 2009-12-14 01:51:23 +00:00
include Update ntp vendor code to 4.2.4p8. 2009-12-12 22:29:30 +00:00
kerberos5 Link GSS mechanics modules against libgssapi so they will not fail due 2009-10-12 17:10:51 +00:00
lib MFV of tzdata2009t, r200831 2009-12-22 11:17:10 +00:00
libexec Repair breakage to last-minute API change. 2009-12-03 21:44:41 +00:00
release Add "FreeBSD-" to the beginning of the filenames for the ISO images. 2009-12-21 14:42:35 +00:00
rescue Unbreak rescue(8). We should also link against libulog now. 2009-12-05 23:23:46 +00:00
sbin Implement NFSv4 ACL support for UFS. 2009-12-21 19:39:10 +00:00
secure Fix globbing 2009-11-10 09:45:43 +00:00
share Removed duplicate usbd_xfer_state(9) link. 2009-12-22 16:05:28 +00:00
sys merge code from ipfw3-head to reduce contention on the ipfw lock 2009-12-22 19:01:47 +00:00
tools Add regression test for NFSv4 ACLs on UFS. 2009-12-21 20:47:41 +00:00
usr.bin Don't print the archive name with -p and -q options. 2009-12-22 15:13:16 +00:00
usr.sbin apm(8) is no longer linked to zzz(8), catch up. 2009-12-22 14:21:08 +00:00
COPYRIGHT Update ntp vendor code to 4.2.4p8. 2009-12-12 22:29:30 +00:00
LOCKS
MAINTAINERS Register a request that all changes to *env(3) be reviewed by secteam 2009-12-06 23:48:38 +00:00
Makefile Add a new world named 'mips' to our universe. 2009-04-01 17:11:50 +00:00
Makefile.inc1 Add NO_KERNELOBJ flag, similar to NO_KERNEL{CONFIG,DEPEND,CLEAN}, 2009-12-16 02:54:34 +00:00
ObsoleteFiles.inc Add more obsolete files. 2009-12-05 17:46:51 +00:00
README Update ntp vendor code to 4.2.4p8. 2009-12-12 22:29:30 +00:00
UPDATING Mention the unification of rc.firewall and rc.firewall6. 2009-12-18 16:35:28 +00:00

This is the top level of the FreeBSD source directory.  This file
was last revised on:
$FreeBSD$

For copyright information, please see the file COPYRIGHT in this
directory (additional copyright information also exists for some
sources in this tree - please see the specific source directories for
more information).

The Makefile in this directory supports a number of targets for
building components (or all) of the FreeBSD source tree, the most
commonly used one being ``world'', which rebuilds and installs
everything in the FreeBSD system from the source tree except the
kernel, the kernel-modules and the contents of /etc.  The ``world''
target should only be used in cases where the source tree has not
changed from the currently running version.  See:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html
for more information, including setting make(1) variables.

The ``buildkernel'' and ``installkernel'' targets build and install
the kernel and the modules (see below).  Please see the top of
the Makefile in this directory for more information on the
standard build targets and compile-time flags.

Building a kernel is a somewhat more involved process, documentation
for which can be found at:
   http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html
And in the config(8) man page.
Note: If you want to build and install the kernel with the
``buildkernel'' and ``installkernel'' targets, you might need to build
world before.  More information is available in the handbook.

The sample kernel configuration files reside in the sys/<arch>/conf
sub-directory (assuming that you've installed the kernel sources), the
file named GENERIC being the one used to build your initial installation
kernel.  The file NOTES contains entries and documentation for all possible
devices, not just those commonly used.  It is the successor of the ancient
LINT file, but in contrast to LINT, it is not buildable as a kernel but a
pure reference and documentation file.


Source Roadmap:
---------------
bin		System/user commands.

contrib		Packages contributed by 3rd parties.

crypto		Cryptography stuff (see crypto/README).

etc		Template files for /etc.

games		Amusements.

gnu		Various commands and libraries under the GNU Public License.
		Please see gnu/COPYING* for more information.

include		System include files.

kerberos5	Kerberos5 (Heimdal) package.

lib		System libraries.

libexec		System daemons.

release		Release building Makefile & associated tools.

rescue		Build system for statically linked /rescue utilities.

sbin		System commands.

secure		Cryptographic libraries and commands.

share		Shared resources.

sys		Kernel sources.

tools		Utilities for regression testing and miscellaneous tasks.

usr.bin		User commands.

usr.sbin	System administration commands.


For information on synchronizing your source tree with one or more of
the FreeBSD Project's development branches, please see:

  http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/synching.html