author | Kristof Provost <kp@FreeBSD.org> | 2023-04-18 14:06:36 +0000 |
---|---|---|
committer | Kristof Provost <kp@FreeBSD.org> | 2023-04-19 07:50:52 +0000 |
commit | 2e6cdfe29355cd81a4e2299d61e6ed57f6798a99 (patch) | |
tree | ddeea491e93c7d88d258ca2dbcc44f23cfe8b522 /sys/net/pfvar.h | |
parent | 9c9dfbf2569811fa8232411fd0c95e07ea089e98 (diff) | |
pf: change pf_rules_lock and pf_ioctl_lock to per-vnet locks
Both pf_rules_lock and pf_ioctl_lock only ever affect one vnet, so
there's no point in having these locks affect other vnets.
(In fact, the only lock in pf that can affect multiple vnets is
pf_end_lock.)
That's especially important for the rules lock, because taking the write
lock suspends all network traffic until it's released. This will reduce
the impact a vnet running pf can have on other vnets, and improve
concurrency on machines running multiple pf-enabled vnets.
Reviewed by: zlei
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D39658
Diffstat (limited to 'sys/net/pfvar.h')
-rw-r--r-- | sys/net/pfvar.h | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index e9e23d985cfa..2f017923afa1 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -385,16 +385,18 @@ extern struct sx pf_config_lock;
 #define PF_CONFIG_UNLOCK() sx_xunlock(&pf_config_lock)
 #define PF_CONFIG_ASSERT() sx_assert(&pf_config_lock, SA_XLOCKED)
-extern struct rmlock pf_rules_lock;
+VNET_DECLARE(struct rmlock, pf_rules_lock);
+#define V_pf_rules_lock VNET(pf_rules_lock)
+
 #define PF_RULES_RLOCK_TRACKER struct rm_priotracker _pf_rules_tracker
-#define PF_RULES_RLOCK() rm_rlock(&pf_rules_lock, &_pf_rules_tracker)
-#define PF_RULES_RUNLOCK() rm_runlock(&pf_rules_lock, &_pf_rules_tracker)
-#define PF_RULES_WLOCK() rm_wlock(&pf_rules_lock)
-#define PF_RULES_WUNLOCK() rm_wunlock(&pf_rules_lock)
-#define PF_RULES_WOWNED() rm_wowned(&pf_rules_lock)
-#define PF_RULES_ASSERT() rm_assert(&pf_rules_lock, RA_LOCKED)
-#define PF_RULES_RASSERT() rm_assert(&pf_rules_lock, RA_RLOCKED)
-#define PF_RULES_WASSERT() rm_assert(&pf_rules_lock, RA_WLOCKED)
+#define PF_RULES_RLOCK() rm_rlock(&V_pf_rules_lock, &_pf_rules_tracker)
+#define PF_RULES_RUNLOCK() rm_runlock(&V_pf_rules_lock, &_pf_rules_tracker)
+#define PF_RULES_WLOCK() rm_wlock(&V_pf_rules_lock)
+#define PF_RULES_WUNLOCK() rm_wunlock(&V_pf_rules_lock)
+#define PF_RULES_WOWNED() rm_wowned(&V_pf_rules_lock)
+#define PF_RULES_ASSERT() rm_assert(&V_pf_rules_lock, RA_LOCKED)
+#define PF_RULES_RASSERT() rm_assert(&V_pf_rules_lock, RA_RLOCKED)
+#define PF_RULES_WASSERT() rm_assert(&V_pf_rules_lock, RA_WLOCKED)
 extern struct mtx_padalign pf_table_stats_lock;
 #define PF_TABLE_STATS_LOCK() mtx_lock(&pf_table_stats_lock) |
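Review bot: Nothing in the header documents that the PF_RULES_* macros now depend on the caller's current vnet, since each one expands to `&V_pf_rules_lock`, i.e. `VNET(pf_rules_lock)`. A lock and its matching unlock or assert evaluated under different vnet contexts would act on two different locks, and a caller with no vnet context set would presumably not resolve a valid lock on VIMAGE kernels. The callers are outside this diff (the diffstat is limited to sys/net/pfvar.h), so that cannot be confirmed here. A comment above the block would make the contract explicit, for example `/* Per-vnet lock: curvnet must be set, and must not change between a PF_RULES_* lock and its matching unlock/assert. */`. It would also help to say where the per-vnet lock is initialised and destroyed, since the `extern` declaration this replaces referred to a single global.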