link pf state keys to tcp pcbs and vice versa.

when we first do a pcb lookup and we have a pointer to a pf state key
in the mbuf header, store the state key pointer in the pcb and a pointer
to the pcb we just found in the state key. when either the state key
or the pcb is removed, clear the pointers.
on subsequent packets inbound we can skip the pcb lookup and just use the
pointer from the state key.
on subsequent packets outbound we can skip the state key lookup and use
the pointer from the pcb.
about 8% speedup with 100 concurrent tcp sessions, should help much more
with more tcp sessions.
ok markus ryan

6 files changed, 52 insertions, 17 deletions

diff --git a/sys/net/pf.c b/sys/net/pf.c
index 4b3791f0c1f..a31b750f7e8 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf.c,v 1.603 2008/07/01 13:07:02 mcbride Exp $ */
+/*	$OpenBSD: pf.c,v 1.604 2008/07/03 15:46:23 henning Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -735,6 +735,8 @@ pf_state_key_detach(struct pf_state *s, int idx)
 		RB_REMOVE(pf_state_tree, &pf_statetbl, s->key[idx]);
 		if (s->key[idx]->reverse)
 			s->key[idx]->reverse->reverse = NULL;
+		if (s->key[idx]->inp)
+			s->key[idx]->inp->inp_pf_sk = NULL;
 		pool_put(&pf_state_key_pl, s->key[idx]);
 	}
 	s->key[idx] = NULL;
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 627ee31e28f..f8103d88976 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pfvar.h,v 1.275 2008/06/29 08:42:15 mcbride Exp $ */
+/*	$OpenBSD: pfvar.h,v 1.276 2008/07/03 15:46:23 henning Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -724,6 +724,7 @@ struct pf_state_key {
 	RB_ENTRY(pf_state_key)	 entry;
 	struct pf_statelisthead	 states;
 	struct pf_state_key	*reverse;
+	struct inpcb		*inp;
 };
 
 /* keep synced with struct pf_state, used in RB_FIND */
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index 64584522347..16d296e4621 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: in_pcb.c,v 1.99 2008/05/23 15:51:12 thib Exp $	*/
+/*	$OpenBSD: in_pcb.c,v 1.100 2008/07/03 15:46:24 henning Exp $	*/
 /*	$NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $	*/
 
 /*
@@ -513,6 +513,10 @@ in_pcbdetach(v)
 		ipsec_delete_policy(inp->inp_ipo);
 	splx(s);
 #endif
+#if NPF > 0
+	if (inp->inp_pf_sk)
+		((struct pf_state_key *)inp->inp_pf_sk)->inp = NULL;
+#endif
 	s = splnet();
 	LIST_REMOVE(inp, inp_lhash);
 	LIST_REMOVE(inp, inp_hash);
diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h
index 194f23585da..793913eddf3 100644
--- a/sys/netinet/in_pcb.h
+++ b/sys/netinet/in_pcb.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: in_pcb.h,v 1.63 2008/05/23 15:51:12 thib Exp $	*/
+/*	$OpenBSD: in_pcb.h,v 1.64 2008/07/03 15:46:24 henning Exp $	*/
 /*	$NetBSD: in_pcb.h,v 1.14 1996/02/13 23:42:00 christos Exp $	*/
 
 /*
@@ -145,6 +145,7 @@ struct inpcb {
 #define inp_csumoffset	in6p_cksum
 #endif
 	struct	icmp6_filter *inp_icmp6filt;
+	void	*inp_pf_sk;
 };
 
 struct inpcbtable {
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index ebe272227fe..15e6dde0424 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tcp_input.c,v 1.219 2008/06/14 22:15:30 jsing Exp $	*/
+/*	$OpenBSD: tcp_input.c,v 1.220 2008/07/03 15:46:24 henning Exp $	*/
 /*	$NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $	*/
 
 /*
@@ -97,6 +97,11 @@
 
 #include "faith.h"
 
+#include "pf.h"
+#if NPF > 0
+#include <net/pfvar.h>
+#endif
+
 struct	tcpiphdr tcp_saveti;
 
 int tcp_mss_adv(struct ifnet *, int);
@@ -365,7 +370,7 @@ void
 tcp_input(struct mbuf *m, ...)
 {
 	struct ip *ip;
-	struct inpcb *inp;
+	struct inpcb *inp = NULL;
 	u_int8_t *optp = NULL;
 	int optlen = 0;
 	int tlen, off;
@@ -590,19 +595,32 @@ tcp_input(struct mbuf *m, ...)
 	 * Locate pcb for segment.
 	 */
 findpcb:
-	switch (af) {
+#if NPF > 0
+	if (m->m_pkthdr.pf.statekey)
+		inp = ((struct pf_state_key *)m->m_pkthdr.pf.statekey)->inp;
+#endif
+	if (inp == NULL) {
+		switch (af) {
 #ifdef INET6
-	case AF_INET6:
-		inp = in6_pcbhashlookup(&tcbtable, &ip6->ip6_src, th->th_sport,
-		    &ip6->ip6_dst, th->th_dport);
-		break;
+		case AF_INET6:
+			inp = in6_pcbhashlookup(&tcbtable, &ip6->ip6_src,
+			    th->th_sport, &ip6->ip6_dst, th->th_dport);
+			break;
+#endif
+		case AF_INET:
+			inp = in_pcbhashlookup(&tcbtable, ip->ip_src,
+			    th->th_sport, ip->ip_dst, th->th_dport);
+			break;
+		}
+#if NPF > 0
+		if (m->m_pkthdr.pf.statekey && inp) {
+			((struct pf_state_key *)m->m_pkthdr.pf.statekey)->inp =
+			    inp;
+			inp->inp_pf_sk = m->m_pkthdr.pf.statekey;
+		}
 #endif
-	case AF_INET:
-		inp = in_pcbhashlookup(&tcbtable, ip->ip_src, th->th_sport,
-		    ip->ip_dst, th->th_dport);
-		break;
 	}
-	if (inp == 0) {
+	if (inp == NULL) {
 		int	inpl_flags = 0;
 		if (m->m_pkthdr.pf.flags & PF_TAG_TRANSLATE_LOCALHOST)
 			inpl_flags = INPLOOKUP_WILDCARD;
@@ -860,6 +878,14 @@ after_listen:
 		panic("tcp_input: TCPS_LISTEN");
 #endif
 
+#if NPF > 0
+		if (m->m_pkthdr.pf.statekey) {
+			((struct pf_state_key *)m->m_pkthdr.pf.statekey)->inp =
+			    inp;
+			inp->inp_pf_sk = m->m_pkthdr.pf.statekey;
+		}
+#endif
+
 #ifdef IPSEC
 	/* Find most recent IPsec tag */
 	mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL);
diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c
index 53ec8ad07e6..bd06ea95f25 100644
--- a/sys/netinet/tcp_output.c
+++ b/sys/netinet/tcp_output.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tcp_output.c,v 1.84 2008/06/28 13:26:38 markus Exp $	*/
+/*	$OpenBSD: tcp_output.c,v 1.85 2008/07/03 15:46:24 henning Exp $	*/
 /*	$NetBSD: tcp_output.c,v 1.16 1997/06/03 16:17:09 kml Exp $	*/
 
 /*
@@ -761,6 +761,7 @@ send:
 	}
 	m->m_pkthdr.rcvif = (struct ifnet *)0;
 	m->m_pkthdr.len = hdrlen + len;
+	m->m_pkthdr.pf.statekey = tp->t_inpcb->inp_pf_sk;
 
 	if (!tp->t_template)
 		panic("tcp_output");