d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6995fb5eb7
freebsd-dev/sbin/pfctl
History
Kristof Provost d2568b024d pfctl: improve rule load times with thousands of interfaces 
r343287 / D18759 introduced ifa_add_groups_to_map() which is now run by
ifa_load/ifa_lookup/host_if. When loading an anchor or ruleset via pfctl that
does NOT contain ifnames as hosts, host() still ends up iterating all
interfaces twice, grabbing SIOCGIFGROUP ioctl twice for each. This adds an
unnecessary amount of time on systems with thousands or tens of thousands of
interfaces.

Prioritize the IPv4/6 check over the interface name lookup, which skips loading
the iftab and iterating all interfaces when the configuration does not contain
interface names.

Submitted by:	Nick Rogers
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24100
2020-03-19 12:54:43 +00:00
..
tests Fix test cases after r358448 2020-02-29 13:24:41 +00:00
Makefile Move pf.os to sbin/pfctl/ 2018-08-11 13:58:26 +00:00
Makefile.depend DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
parse.y pfctl: Point users to net.pf.request_maxcount if large requests are rejected 2019-01-28 08:36:10 +00:00
pf_print_state.c various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
pf.os Move pf.os to sbin/pfctl/ 2018-08-11 13:58:26 +00:00
pfctl_altq.c Fix the fix added in r343287 for spurious HFSC bandwidth check errors 2019-02-11 22:58:43 +00:00
pfctl_optimize.c pfctl: Fix ifgroup check 2019-04-19 10:52:54 +00:00
pfctl_osfp.c pfctl: Make most global variables static. 2016-08-04 19:24:44 +00:00
pfctl_parser.c pfctl: improve rule load times with thousands of interfaces 2020-03-19 12:54:43 +00:00
pfctl_parser.h Reduce pf.conf parsing cost for configs that define N queues from O(N^2) to O(N) 2019-01-22 00:50:24 +00:00
pfctl_qstats.c Extended pf(4) ioctl interface and pfctl(8) to allow bandwidths of 2018-08-22 19:38:48 +00:00
pfctl_radix.c pfctl: Warn users when they run into kernel limits 2019-12-14 02:03:47 +00:00
pfctl_table.c various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
pfctl.8 pf: Return non-zero from 'status' if pf is not enabled 2018-06-06 19:36:37 +00:00
pfctl.c pfctl: Fix 'set skip' handling for groups 2019-01-13 05:30:26 +00:00
pfctl.h Reduce pf.conf parsing cost for configs that define N queues from O(N^2) to O(N) 2019-01-22 00:50:24 +00:00