Hi,
Please review this patch. These two variables are RO-tunables and
cannot be changed at runtime. As such, it is not useful to
virtualize them.
Thanks,
Nikos
Index: sys/netpfil/pf/pf.c
===================================================================
--- sys/netpfil/pf/pf.c (revision 251514)
+++ sys/netpfil/pf/pf.c (working copy)
@@ -359,15 +359,13 @@ VNET_DEFINE(u_long, pf_srchashmask);
SYSCTL_NODE(_net, OID_AUTO, pf, CTLFLAG_RW, 0, "pf(4)");
-VNET_DEFINE(u_long, pf_hashsize);
-#define V_pf_hashsize VNET(pf_hashsize)
-SYSCTL_VNET_UINT(_net_pf, OID_AUTO, states_hashsize, CTLFLAG_RDTUN,
- &VNET_NAME(pf_hashsize), 0, "Size of pf(4) states hashtable");
+static u_long pf_hashsize;
+static u_long pf_srchashsize;
-VNET_DEFINE(u_long, pf_srchashsize);
-#define V_pf_srchashsize VNET(pf_srchashsize)
+SYSCTL_UINT(_net_pf, OID_AUTO, states_hashsize, CTLFLAG_RDTUN,
+ &pf_hashsize, 0, "Size of pf(4) states hashtable");
SYSCTL_VNET_UINT(_net_pf, OID_AUTO, source_nodes_hashsize, CTLFLAG_RDTUN,
- &VNET_NAME(pf_srchashsize), 0, "Size of pf(4) source nodes hashtable");
+ &pf_srchashsize, 0, "Size of pf(4) source nodes hashtable");
VNET_DEFINE(void *, pf_swi_cookie);
@@ -698,12 +696,12 @@ pf_initialize()
struct pf_srchash *sh;
u_int i;
- TUNABLE_ULONG_FETCH("net.pf.states_hashsize", &V_pf_hashsize);
- if (V_pf_hashsize == 0 || !powerof2(V_pf_hashsize))
- V_pf_hashsize = PF_HASHSIZ;
- TUNABLE_ULONG_FETCH("net.pf.source_nodes_hashsize", &V_pf_srchashsize);
- if (V_pf_srchashsize == 0 || !powerof2(V_pf_srchashsize))
- V_pf_srchashsize = PF_HASHSIZ / 4;
+ TUNABLE_ULONG_FETCH("net.pf.states_hashsize", &pf_hashsize);
+ if (pf_hashsize == 0 || !powerof2(pf_hashsize))
+ pf_hashsize = PF_HASHSIZ;
+ TUNABLE_ULONG_FETCH("net.pf.source_nodes_hashsize", &pf_srchashsize);
+ if (pf_srchashsize == 0 || !powerof2(pf_srchashsize))
+ pf_srchashsize = PF_HASHSIZ / 4;
V_pf_hashseed = arc4random();
@@ -717,11 +715,11 @@ pf_initialize()
V_pf_state_key_z = uma_zcreate("pf state keys",
sizeof(struct pf_state_key), pf_state_key_ctor, NULL, NULL, NULL,
UMA_ALIGN_PTR, 0);
- V_pf_keyhash = malloc(V_pf_hashsize * sizeof(struct pf_keyhash),
+ V_pf_keyhash = malloc(pf_hashsize * sizeof(struct pf_keyhash),
M_PFHASH, M_WAITOK | M_ZERO);
- V_pf_idhash = malloc(V_pf_hashsize * sizeof(struct pf_idhash),
+ V_pf_idhash = malloc(pf_hashsize * sizeof(struct pf_idhash),
M_PFHASH, M_WAITOK | M_ZERO);
- V_pf_hashmask = V_pf_hashsize - 1;
+ V_pf_hashmask = pf_hashsize - 1;
for (i = 0, kh = V_pf_keyhash, ih = V_pf_idhash; i <= V_pf_hashmask;
i++, kh++, ih++) {
mtx_init(&kh->lock, "pf_keyhash", NULL, MTX_DEF);
@@ -735,9 +733,9 @@ pf_initialize()
V_pf_limits[PF_LIMIT_SRC_NODES].zone = V_pf_sources_z;
uma_zone_set_max(V_pf_sources_z, PFSNODE_HIWAT);
uma_zone_set_warning(V_pf_sources_z, "PF source nodes limit reached");
- V_pf_srchash = malloc(V_pf_srchashsize * sizeof(struct pf_srchash),
+ V_pf_srchash = malloc(pf_srchashsize * sizeof(struct pf_srchash),
M_PFHASH, M_WAITOK|M_ZERO);
- V_pf_srchashmask = V_pf_srchashsize - 1;
+ V_pf_srchashmask = pf_srchashsize - 1;
for (i = 0, sh = V_pf_srchash; i <= V_pf_srchashmask; i++, sh++)
mtx_init(&sh->lock, "pf_srchash", NULL, MTX_DEF);
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"
