2e6cdfe293
Both pf_rules_lock and pf_ioctl_lock only ever affect one vnet, so there's no point in having these locks affect other vnets. (In fact, the only lock in pf that can affect multiple vnets is pf_end_lock.) That's especially important for the rules lock, because taking the write lock suspends all network traffic until it's released. This will reduce the impact a vnet running pf can have on other vnets, and improve concurrency on machines running multiple pf-enabled vnets. Reviewed by: zlei Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D39658 |
||
---|---|---|
.. | ||
ipfilter/netinet | ||
ipfw | ||
pf |