diff options
| author | Henning Brauer <henning@cvs.openbsd.org> | 2007-05-28 17:16:40 +0000 |
|---|---|---|
| committer | Henning Brauer <henning@cvs.openbsd.org> | 2007-05-28 17:16:40 +0000 |
| commit | f96d4bfaae8e683d6ce36140dff54c0670c826fb (patch) | |
| tree | 599f5dac4bbc56331fe9f4806b73b80dabee239c /sys/netinet | |
| parent | 024903f229c875b3dcae393928cc28761a3c18dd (diff) | |
double pf performance.
boring details:
pf used to use an mbuf tag to keep track of route-to etc, altq, tags,
routing table IDs, packets redirected to localhost etc. so each and every
packet going through pf got an mbuf tag. mbuf tags use malloc'd memory,
and that is knda slow.
instead, stuff the information into the mbuf header directly.
bridging soekris with just "pass" as ruleset went from 29 MBit/s to
58 MBit/s with that (before ryan's randomness fix, now it is even betterer)
thanks to chris for the test setup!
ok ryan ryan ckuethe reyk
Diffstat (limited to 'sys/netinet')
| -rw-r--r-- | sys/netinet/ip_input.c | 8 | ||||
| -rw-r--r-- | sys/netinet/ipsec_input.c | 4 | ||||
| -rw-r--r-- | sys/netinet/ipsec_output.c | 4 |
3 files changed, 6 insertions, 10 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index dc0804981bc..529d271fbea 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_input.c,v 1.148 2007/05/27 20:14:15 dlg Exp $ */ +/* $OpenBSD: ip_input.c,v 1.149 2007/05/28 17:16:39 henning Exp $ */ /* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */ /* @@ -1434,9 +1434,6 @@ ip_forward(m, srcrt) int error, type = 0, code = 0, destmtu = 0, rtableid = 0; struct mbuf *mcopy; n_long dest; -#if NPF > 0 - struct pf_mtag *pft; -#endif dest = 0; #ifdef DIAGNOSTIC @@ -1455,8 +1452,7 @@ ip_forward(m, srcrt) } #if NPF > 0 - if ((pft = pf_find_mtag(m)) != NULL) - rtableid = pft->rtableid; + rtableid = m->m_pkthdr.pf.rtableid; #endif sin = satosin(&ipforward_rt.ro_dst); diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c index c3c45b5373b..16ea0a2cdb7 100644 --- a/sys/netinet/ipsec_input.c +++ b/sys/netinet/ipsec_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_input.c,v 1.83 2007/02/08 15:25:30 itojun Exp $ */ +/* $OpenBSD: ipsec_input.c,v 1.84 2007/05/28 17:16:39 henning Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -562,7 +562,7 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff, #if NPF > 0 /* Add pf tag if requested. */ - if (pf_tag_packet(m, NULL, tdbp->tdb_tag, -1)) + if (pf_tag_packet(m, tdbp->tdb_tag, -1)) DPRINTF(("failed to tag ipsec packet\n")); #endif diff --git a/sys/netinet/ipsec_output.c b/sys/netinet/ipsec_output.c index 2a9d6da4519..bdb15200674 100644 --- a/sys/netinet/ipsec_output.c +++ b/sys/netinet/ipsec_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_output.c,v 1.37 2007/02/08 15:25:30 itojun Exp $ */ +/* $OpenBSD: ipsec_output.c,v 1.38 2007/05/28 17:16:39 henning Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -497,7 +497,7 @@ ipsp_process_done(struct mbuf *m, struct tdb *tdb) #if NPF > 0 /* Add pf tag if requested. */ - if (pf_tag_packet(m, NULL, tdb->tdb_tag, -1)) + if (pf_tag_packet(m, tdb->tdb_tag, -1)) DPRINTF(("failed to tag ipsec packet\n")); #endif |