| commit | 7a96cb0362de352ca91eb32ca767a7783499eef3 | |
| author | Sepherosa Ziehau <sephe@dragonflybsd.org> | |
| Sat, 9 Aug 2008 06:09:18 +0000 (9 06:09 +0000) | ||
| committer | Sepherosa Ziehau <sephe@dragonflybsd.org> | |
| Sat, 9 Aug 2008 06:09:18 +0000 (9 06:09 +0000) | ||
| tree | b6fdf93a03005a3b05f7dcc9f10c908d5a5378f1 | treesnapshot (tar.gz zip) |
| parent | 38307791c86b921d7a9825338e1cf4c88c8c950a | commitdiff |
ipfw(4) parallelize stage 1, step 1/2: lock dynamic rule table
- Looking up dynamic rule is protected by shared lockmgr lock, add comment in
the dynamic rule description comment section. Following related changes are
made:
o In lookup_dyn_rule(), don't try to delete expired states or move the
state to the head of hash bucket.
o Expired states will be reaped in ipfw_tick(). Exclusive lockmgr lock is
held when iterating dynamic rules in ipfw_tick().
- Installing and deleting dynamic rules are protected by exclusive lockmgr lock.
- Add lookup_rule(), which returns static rule ptr saved in dynamic rule. This
function is added mainly because accessing dynamic rule outside of lockmgr
lock is unsafe.
- Add static ruleset generation, so that we could check whether static ruleset
was changed or not after blocking operation (e.g. try to hold lockmgr lock)
during static ruleset iteration. If static ruleset was changed, the static
rulset iteration would be terminated and the packet being checked would be
denied/dropped without further static rule accessing (e.g. stats updating).
- Add sysctl functions to make sure that user supplied values are in sane state.
- Looking up dynamic rule is protected by shared lockmgr lock, add comment in
the dynamic rule description comment section. Following related changes are
made:
o In lookup_dyn_rule(), don't try to delete expired states or move the
state to the head of hash bucket.
o Expired states will be reaped in ipfw_tick(). Exclusive lockmgr lock is
held when iterating dynamic rules in ipfw_tick().
- Installing and deleting dynamic rules are protected by exclusive lockmgr lock.
- Add lookup_rule(), which returns static rule ptr saved in dynamic rule. This
function is added mainly because accessing dynamic rule outside of lockmgr
lock is unsafe.
- Add static ruleset generation, so that we could check whether static ruleset
was changed or not after blocking operation (e.g. try to hold lockmgr lock)
during static ruleset iteration. If static ruleset was changed, the static
rulset iteration would be terminated and the packet being checked would be
denied/dropped without further static rule accessing (e.g. stats updating).
- Add sysctl functions to make sure that user supplied values are in sane state.
| sys/net/ipfw/ip_fw2.c | diffblobblamehistory |