|
Revision tags: v6.2.1, v6.2.0, v6.3.0, v6.0.1, v6.0.0, v6.0.0rc1, v6.1.0, v5.8.3, v5.8.2, v5.8.1, v5.8.0, v5.9.0, v5.8.0rc1, v5.6.3, v5.6.2, v5.6.1, v5.6.0, v5.6.0rc1, v5.7.0, v5.4.3, v5.4.2, v5.4.1, v5.4.0, v5.5.0, v5.4.0rc1, v5.2.2, v5.2.1, v5.2.0, v5.3.0, v5.2.0rc, v5.0.2, v5.0.1, v5.0.0, v5.0.0rc2, v5.1.0, v5.0.0rc1 |
|
| #
23e83e90 |
| 05-Sep-2017 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
ipfw: Reindent; no functional changes.
|
| #
b0e7fb3e |
| 05-Sep-2017 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
ipfw: Simplify sockopt.
|
| #
2187815d |
| 16-Aug-2017 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
ipfw: Rework states and tracks.
- Use RB tree for states and tracks. And put them into their own RB
trees. This avoid worst case hash collision.
- Make states per-cpu. Upper limit is still shar
ipfw: Rework states and tracks.
- Use RB tree for states and tracks. And put them into their own RB
trees. This avoid worst case hash collision.
- Make states per-cpu. Upper limit is still shared, and is managed in
the same fashion as our slab allocator's upper limit, i.e. loosely
updated, which allows 5% over-allocation at most.
- Use two tiers for tracks. The top tier is shared, which maintains
the counter. The second tier is per-cpu, most of the track looking
up should be coverd by this tier. Track counters are updated by
atomic ops, since per-track upper limit is usually too small to use
loose updating.
- Implement progressive state/track expiration and keepalive. It is
mainly intended to make the packet processing latency more smooth.
- Fix fast TCP state recycling issue by tracking the SEQs in addition
to the ACKs.
This drastically improves performance, and reduces/stablizes latency.
For exmaple, nginx, 1KB web object, 30K concurrent connections,
1 request/connection. ipfw is running on the server side.
ipfw non-default setting:
- Max # of states for new-ipfw is 100K (~14MB memory).
- Max # of states for old-ipfw is 500K, and # of hash buckets is 64K.
ipfw rules:
ipfw add 1 check-state
ipfw add allow tcp from any to me 80 setup keep-state
(default deny)
| perf-avg | lat-avg | lat-stdev | lat-99% | lat-max
| (tps) | (ms) | (ms) | (ms) | (ms)
---------+-----------+---------+-----------+---------+---------
no-ipfw | 210658.80 | 58.01 | 5.20 | 68.73 | 146.46
---------+-----------+---------+-----------+---------+---------
new-ipfw | 191626.58 | 64.74 | 5.69 | 75.87 | 166.08
---------+-----------+---------+-----------+---------+---------
old-ipfw | 43481.19 | 153.76 | 47.32 | 296.61 | 425.09
If it is compared w/ no-ipfw case, the performance and latency impacts
of the ipfw after this commit are pretty small.
show more ...
|
|
Revision tags: v4.8.1, v4.8.0, v4.6.2, v4.9.0, v4.8.0rc, v4.6.1, v4.6.0, v4.6.0rc2, v4.6.0rc, v4.7.0, v4.4.3, v4.4.2, v4.4.1, v4.4.0, v4.5.0, v4.4.0rc, v4.2.4, v4.3.1, v4.2.3, v4.2.1, v4.2.0, v4.0.6, v4.3.0, v4.2.0rc, v4.0.5, v4.0.4, v4.0.3, v4.0.2, v4.0.1, v4.0.0, v4.0.0rc3, v4.0.0rc2, v4.0.0rc, v4.1.0, v3.8.2, v3.8.1, v3.6.3, v3.8.0, v3.8.0rc2, v3.9.0, v3.8.0rc, v3.6.2, v3.6.1, v3.6.0, v3.7.1, v3.6.0rc, v3.7.0, v3.4.3, v3.4.2, v3.4.0, v3.4.1, v3.4.0rc, v3.5.0, v3.2.2, v3.2.1, v3.2.0, v3.3.0, v3.0.3, v3.0.2, v3.0.1, v3.1.0, v3.0.0 |
|
| #
86d7f5d3 |
| 26-Nov-2011 |
John Marino <draco@marino.st> |
Initial import of binutils 2.22 on the new vendor branch
Future versions of binutils will also reside on this branch rather
than continuing to create new binutils branches for each new version.
|
|
Revision tags: v2.12.0, v2.13.0, v2.10.1, v2.11.0, v2.10.0, v2.9.1, v2.8.2, v2.8.1, v2.8.0, v2.9.0, v2.6.3, v2.7.3, v2.6.2, v2.7.2, v2.7.1, v2.6.1, v2.7.0, v2.6.0, v2.5.1, v2.4.1, v2.5.0, v2.4.0, v2.3.2, v2.3.1, v2.2.1, v2.2.0, v2.3.0, v2.1.1, v2.0.1 |
|
| #
81a24a55 |
| 13-Sep-2008 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
Move ipfw(4) related bits into ip_fw2_glue.c
|
| #
82040d23 |
| 02-Aug-2008 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
- Add macro for cpu_portfn(0), on which all ipfw configuration should happen
- Add assertion macro to make sure a msgport is IPFW_CFGPORT
|
| #
aed810cb |
| 28-Jul-2008 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
Dispatch ipfw control to netisr0. To avoid possible dangling netmsg handler,
create ip_fw2_glue.c, which will be built if inet is built. IPFW_LOADED is
checked again after netmsg's handler is runni
Dispatch ipfw control to netisr0. To avoid possible dangling netmsg handler,
create ip_fw2_glue.c, which will be built if inet is built. IPFW_LOADED is
checked again after netmsg's handler is running, since ipfw unload netmsg may
be processed before this ipfw control netmsg.
show more ...
|
| #
002c1265 |
| 14-Sep-2010 |
Matthew Dillon <dillon@apollo.backplane.com> |
network - Major netmsg retooling, part 1
* Remove all the netmsg shims and make all pr_usrreqs and some proto->pr_*
requests directly netmsg'd.
* Fix issues with tcp implied connects and tcp6->tc
network - Major netmsg retooling, part 1
* Remove all the netmsg shims and make all pr_usrreqs and some proto->pr_*
requests directly netmsg'd.
* Fix issues with tcp implied connects and tcp6->tcp4 fallbacks with
implied connects.
* Fix an issue with a stack-based udp netmsg (allocate it)
* Consolidate struct ip6protosw and struct protosw into a single
structure and normalize the API functions which differed between
the two (primarily proto->pr_input()).
* Remove protosw->pr_soport()
* Replace varargs protocol *_input() functions (ongoing) with fixed
arguments.
show more ...
|
| #
48e7b118 |
| 05-Dec-2009 |
Matthew Dillon <dillon@apollo.backplane.com> |
network - Move socket from netmsg ext to netmsg header, add port to socket
These changes should make it easier to debug mbufs routed to the wrong
protocol threads. Note that IPV6 is routed to netis
network - Move socket from netmsg ext to netmsg header, add port to socket
These changes should make it easier to debug mbufs routed to the wrong
protocol threads. Note that IPV6 is routed to netisr0, even for tcp and udp
packets, so for now we do not KKASSERT that the port matches directly.
The TCP code still KKASSERTs that the timers are running on the correct cpu,
since the cpu is still correct for IPV6 TCP/UDP packets even when the
protocol thread is wrong (netisr_cpu 0 instead of tcp_thread 0 or
udp_thread 0).
* Instead of recalculating the port based on the inp or mbuf all the time,
add a so_port field to the socket structure directly.
* The socket pointer is now part of the netmsg header, even though some
subsystems do not need it. This allows us to validate the message port
more easily.
show more ...
|