diff options
author | Christian S.J. Peron <csjp@FreeBSD.org> | 2004-06-11 22:17:14 +0000 |
---|---|---|
committer | Christian S.J. Peron <csjp@FreeBSD.org> | 2004-06-11 22:17:14 +0000 |
commit | d316f2cf4f11a5416c515028808af6a379a8ad89 (patch) | |
tree | 3b876be23b11f124940cf692855015949f4bbf8a /usr.sbin/ppp/systems.h | |
parent | 52fae0ba6ce5bf2f0852466f18b8c3c5d1fba7ed (diff) | |
download | src-d316f2cf4f11a5416c515028808af6a379a8ad89.tar.gz src-d316f2cf4f11a5416c515028808af6a379a8ad89.zip |
Modify ip fw so that whenever UID or GID constraints exist in a
ruleset, the pcb is looked up once per ipfw_chk() activation.
This is done by extracting the required information out of the PCB
and caching it to the ipfw_chk() stack. This should greatly reduce
PCB looking contention and speed up the processing of UID/GID based
firewall rules (especially with large UID/GID rulesets).
Some very basic benchmarks were taken which compares the number
of in_pcblookup_hash(9) activations to the number of firewall
rules containing UID/GID based contraints before and after this patch.
The results can be viewed here:
o http://people.freebsd.org/~csjp/ip_fw_pcb.png
Reviewed by: andre, luigi, rwatson
Approved by: bmilekic (mentor)
Notes
Notes:
svn path=/head/; revision=130363
Diffstat (limited to 'usr.sbin/ppp/systems.h')
0 files changed, 0 insertions, 0 deletions