OpenBSD Journal

n2k15: sashan@ on PF mpsafe progess

Contributed by pitrh on from the packets unlocked dept.

Our first n2k15 hackathon report comes from Alexandr Nedvedicky (sashan@), who writes:

I'd like to thank Reyk for hackroom and showing us a Christmas market. It was also my pleasure to meet Mr. Henning in person. Speaking of Henning, let's switch to PF hacking.

mpi@ came with patch (sent to priv. list only currently), which adds a new lock for PF. It's called PF big lock. The big PF lock essentially establishes a safe playground for PF hackers. The lock currently covers all pf_test() function. The pf_test() function parts will be gradually unlocked as the work will progress.

To make PF big lock safe few more details must be sorted out. The first of them is to avoid recursive calls to pf_test(). The pf_test() could get entered recursively, when packet hits block rule with return-* action. This is no longer the case as ip*_send() functions got introduced (committed change has been discussed privately). Packets sent on behalf of kernel are dispatched using softnet task queue now. We still have to sort out pf_route*() functions. The other thing we need to sort out with respect to PF big lock is reference counting for statekey, which gets attached to mbuf. Patch has been sent to hackers, waiting for OK too. The plan is to commit reference counting sometimes next year after CVS will be unlocked.

There is one more patch at tech@ waiting for OK. It brings OpenBSD and Solaris PF closer to each other by one tiny little step. That's all from sashan, hope to see you next time.

Thanks for the report and the work that went into this, Sasha! We look forward to seeing this and more hit the tree soon!

(Comments are closed)


Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]