Revision tags: v6.2.1, v6.2.0, v6.3.0, v6.0.1, v6.0.0, v6.0.0rc1, v6.1.0, v5.8.3, v5.8.2, v5.8.1, v5.8.0, v5.9.0, v5.8.0rc1, v5.6.3, v5.6.2, v5.6.1, v5.6.0, v5.6.0rc1, v5.7.0, v5.4.3, v5.4.2, v5.4.1, v5.4.0, v5.5.0, v5.4.0rc1, v5.2.2, v5.2.1, v5.2.0, v5.3.0, v5.2.0rc, v5.0.2, v5.0.1, v5.0.0, v5.0.0rc2, v5.1.0, v5.0.0rc1 |
|
#
23e83e90 |
| 05-Sep-2017 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
ipfw: Reindent; no functional changes.
|
#
b0e7fb3e |
| 05-Sep-2017 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
ipfw: Simplify sockopt.
|
#
2187815d |
| 16-Aug-2017 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
ipfw: Rework states and tracks.
- Use RB tree for states and tracks. And put them into their own RB trees. This avoid worst case hash collision. - Make states per-cpu. Upper limit is still shar
ipfw: Rework states and tracks.
- Use RB tree for states and tracks. And put them into their own RB trees. This avoid worst case hash collision. - Make states per-cpu. Upper limit is still shared, and is managed in the same fashion as our slab allocator's upper limit, i.e. loosely updated, which allows 5% over-allocation at most. - Use two tiers for tracks. The top tier is shared, which maintains the counter. The second tier is per-cpu, most of the track looking up should be coverd by this tier. Track counters are updated by atomic ops, since per-track upper limit is usually too small to use loose updating. - Implement progressive state/track expiration and keepalive. It is mainly intended to make the packet processing latency more smooth. - Fix fast TCP state recycling issue by tracking the SEQs in addition to the ACKs.
This drastically improves performance, and reduces/stablizes latency.
For exmaple, nginx, 1KB web object, 30K concurrent connections, 1 request/connection. ipfw is running on the server side.
ipfw non-default setting: - Max # of states for new-ipfw is 100K (~14MB memory). - Max # of states for old-ipfw is 500K, and # of hash buckets is 64K.
ipfw rules: ipfw add 1 check-state ipfw add allow tcp from any to me 80 setup keep-state (default deny)
| perf-avg | lat-avg | lat-stdev | lat-99% | lat-max | (tps) | (ms) | (ms) | (ms) | (ms) ---------+-----------+---------+-----------+---------+--------- no-ipfw | 210658.80 | 58.01 | 5.20 | 68.73 | 146.46 ---------+-----------+---------+-----------+---------+--------- new-ipfw | 191626.58 | 64.74 | 5.69 | 75.87 | 166.08 ---------+-----------+---------+-----------+---------+--------- old-ipfw | 43481.19 | 153.76 | 47.32 | 296.61 | 425.09
If it is compared w/ no-ipfw case, the performance and latency impacts of the ipfw after this commit are pretty small.
show more ...
|
Revision tags: v4.8.1, v4.8.0, v4.6.2, v4.9.0, v4.8.0rc, v4.6.1, v4.6.0, v4.6.0rc2, v4.6.0rc, v4.7.0, v4.4.3, v4.4.2, v4.4.1, v4.4.0, v4.5.0, v4.4.0rc, v4.2.4, v4.3.1, v4.2.3, v4.2.1, v4.2.0, v4.0.6, v4.3.0, v4.2.0rc, v4.0.5, v4.0.4, v4.0.3, v4.0.2, v4.0.1, v4.0.0, v4.0.0rc3, v4.0.0rc2, v4.0.0rc, v4.1.0, v3.8.2, v3.8.1, v3.6.3, v3.8.0, v3.8.0rc2, v3.9.0, v3.8.0rc, v3.6.2, v3.6.1, v3.6.0, v3.7.1, v3.6.0rc, v3.7.0, v3.4.3, v3.4.2, v3.4.0, v3.4.1, v3.4.0rc, v3.5.0, v3.2.2, v3.2.1, v3.2.0, v3.3.0, v3.0.3, v3.0.2, v3.0.1, v3.1.0, v3.0.0 |
|
#
86d7f5d3 |
| 26-Nov-2011 |
John Marino <draco@marino.st> |
Initial import of binutils 2.22 on the new vendor branch
Future versions of binutils will also reside on this branch rather than continuing to create new binutils branches for each new version.
|
Revision tags: v2.12.0, v2.13.0, v2.10.1, v2.11.0, v2.10.0, v2.9.1, v2.8.2, v2.8.1, v2.8.0, v2.9.0, v2.6.3, v2.7.3, v2.6.2, v2.7.2, v2.7.1, v2.6.1, v2.7.0, v2.6.0, v2.5.1, v2.4.1, v2.5.0, v2.4.0, v2.3.2, v2.3.1, v2.2.1, v2.2.0, v2.3.0, v2.1.1, v2.0.1 |
|
#
81a24a55 |
| 13-Sep-2008 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
Move ipfw(4) related bits into ip_fw2_glue.c
|
#
82040d23 |
| 02-Aug-2008 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
- Add macro for cpu_portfn(0), on which all ipfw configuration should happen - Add assertion macro to make sure a msgport is IPFW_CFGPORT
|
#
aed810cb |
| 28-Jul-2008 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
Dispatch ipfw control to netisr0. To avoid possible dangling netmsg handler, create ip_fw2_glue.c, which will be built if inet is built. IPFW_LOADED is checked again after netmsg's handler is runni
Dispatch ipfw control to netisr0. To avoid possible dangling netmsg handler, create ip_fw2_glue.c, which will be built if inet is built. IPFW_LOADED is checked again after netmsg's handler is running, since ipfw unload netmsg may be processed before this ipfw control netmsg.
show more ...
|
#
002c1265 |
| 14-Sep-2010 |
Matthew Dillon <dillon@apollo.backplane.com> |
network - Major netmsg retooling, part 1
* Remove all the netmsg shims and make all pr_usrreqs and some proto->pr_* requests directly netmsg'd.
* Fix issues with tcp implied connects and tcp6->tc
network - Major netmsg retooling, part 1
* Remove all the netmsg shims and make all pr_usrreqs and some proto->pr_* requests directly netmsg'd.
* Fix issues with tcp implied connects and tcp6->tcp4 fallbacks with implied connects.
* Fix an issue with a stack-based udp netmsg (allocate it)
* Consolidate struct ip6protosw and struct protosw into a single structure and normalize the API functions which differed between the two (primarily proto->pr_input()).
* Remove protosw->pr_soport()
* Replace varargs protocol *_input() functions (ongoing) with fixed arguments.
show more ...
|
#
48e7b118 |
| 05-Dec-2009 |
Matthew Dillon <dillon@apollo.backplane.com> |
network - Move socket from netmsg ext to netmsg header, add port to socket
These changes should make it easier to debug mbufs routed to the wrong protocol threads. Note that IPV6 is routed to netis
network - Move socket from netmsg ext to netmsg header, add port to socket
These changes should make it easier to debug mbufs routed to the wrong protocol threads. Note that IPV6 is routed to netisr0, even for tcp and udp packets, so for now we do not KKASSERT that the port matches directly.
The TCP code still KKASSERTs that the timers are running on the correct cpu, since the cpu is still correct for IPV6 TCP/UDP packets even when the protocol thread is wrong (netisr_cpu 0 instead of tcp_thread 0 or udp_thread 0).
* Instead of recalculating the port based on the inp or mbuf all the time, add a so_port field to the socket structure directly.
* The socket pointer is now part of the netmsg header, even though some subsystems do not need it. This allows us to validate the message port more easily.
show more ...
|