pf: Reduce the data returned in DIOCGETSTATESNV
This call is particularly slow due to the large amount of data it
returns. Remove all fields pfctl does not use. There is no functional
impact to pfctl, but it somewhat speeds up the call.
It might affect other (i.e. non-FreeBSD) code that uses the new
interface, but this call is very new, so there's unlikely to be any. No
releases contained the previous version, so we choose to live with the
ABI modification.
Reviewed by: donner
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30944
This commit is contained in:
Kristof Provost
parent
d8d43b2de1
commit
34285eefdd
@ -636,35 +636,15 @@ pfctl_nv_add_state_cmp(nvlist_t *nvl, const char *name,
|
||||
nvlist_destroy(nv);
|
||||
}
|
||||
|
||||
static void
|
||||
pf_nvstate_scrub_to_state_scrub(const nvlist_t *nvl,
|
||||
struct pfctl_state_scrub *scrub)
|
||||
{
|
||||
bzero(scrub, sizeof(*scrub));
|
||||
|
||||
scrub->timestamp = nvlist_get_bool(nvl, "timestamp");
|
||||
scrub->ttl = nvlist_get_number(nvl, "ttl");
|
||||
scrub->ts_mod = nvlist_get_number(nvl, "ts_mod");
|
||||
}
|
||||
|
||||
static void
|
||||
pf_nvstate_peer_to_state_peer(const nvlist_t *nvl,
|
||||
struct pfctl_state_peer *peer)
|
||||
{
|
||||
bzero(peer, sizeof(*peer));
|
||||
|
||||
if (nvlist_exists_nvlist(nvl, "scrub")) {
|
||||
peer->scrub = malloc(sizeof(*peer->scrub));
|
||||
pf_nvstate_scrub_to_state_scrub(
|
||||
nvlist_get_nvlist(nvl, "scrub"),
|
||||
peer->scrub);
|
||||
}
|
||||
|
||||
peer->seqlo = nvlist_get_number(nvl, "seqlo");
|
||||
peer->seqhi = nvlist_get_number(nvl, "seqhi");
|
||||
peer->seqdiff = nvlist_get_number(nvl, "seqdiff");
|
||||
peer->max_win = nvlist_get_number(nvl, "max_win");
|
||||
peer->mss = nvlist_get_number(nvl, "mss");
|
||||
peer->state = nvlist_get_number(nvl, "state");
|
||||
peer->wscale = nvlist_get_number(nvl, "wscale");
|
||||
}
|
||||
@ -721,9 +701,7 @@ pf_nvstate_to_state(const nvlist_t *nvl, struct pfctl_state *s)
|
||||
pf_nvuint_64_array(nvl, "packets", 2, s->packets, NULL);
|
||||
pf_nvuint_64_array(nvl, "bytes", 2, s->bytes, NULL);
|
||||
|
||||
s->log = nvlist_get_number(nvl, "log");
|
||||
s->state_flags = nvlist_get_number(nvl, "state_flags");
|
||||
s->timeout = nvlist_get_number(nvl, "timeout");
|
||||
s->sync_flags = nvlist_get_number(nvl, "sync_flags");
|
||||
}
|
||||
|
||||
|
||||
@ -197,19 +197,10 @@ struct pfctl_kill {
|
||||
bool kill_match;
|
||||
};
|
||||
|
||||
struct pfctl_state_scrub {
|
||||
bool timestamp;
|
||||
uint8_t ttl;
|
||||
uint32_t ts_mod;
|
||||
};
|
||||
|
||||
struct pfctl_state_peer {
|
||||
struct pfctl_state_scrub *scrub;
|
||||
uint32_t seqlo;
|
||||
uint32_t seqhi;
|
||||
uint32_t seqdiff;
|
||||
uint16_t max_win;
|
||||
uint16_t mss;
|
||||
uint8_t state;
|
||||
uint8_t wscale;
|
||||
};
|
||||
@ -243,10 +234,7 @@ struct pfctl_state {
|
||||
uint32_t creation;
|
||||
uint32_t expire;
|
||||
uint32_t pfsync_time;
|
||||
uint16_t tag;
|
||||
uint8_t log;
|
||||
uint8_t state_flags;
|
||||
uint8_t timeout;
|
||||
uint32_t sync_flags;
|
||||
};
|
||||
|
||||
|
||||
@ -875,7 +875,7 @@ pf_state_key_to_nvstate_key(const struct pf_state_key *key)
|
||||
}
|
||||
|
||||
static nvlist_t *
|
||||
pf_state_scrub_to_nvstate_scrub(const struct pf_state_scrub *scrub)
|
||||
pf_state_peer_to_nvstate_peer(const struct pf_state_peer *peer)
|
||||
{
|
||||
nvlist_t *nvl;
|
||||
|
||||
@ -883,43 +883,13 @@ pf_state_scrub_to_nvstate_scrub(const struct pf_state_scrub *scrub)
|
||||
if (nvl == NULL)
|
||||
return (NULL);
|
||||
|
||||
nvlist_add_bool(nvl, "timestamp", scrub->pfss_flags & PFSS_TIMESTAMP);
|
||||
nvlist_add_number(nvl, "ttl", scrub->pfss_ttl);
|
||||
nvlist_add_number(nvl, "ts_mod", scrub->pfss_ts_mod);
|
||||
|
||||
return (nvl);
|
||||
}
|
||||
|
||||
static nvlist_t *
|
||||
pf_state_peer_to_nvstate_peer(const struct pf_state_peer *peer)
|
||||
{
|
||||
nvlist_t *nvl, *tmp;
|
||||
|
||||
nvl = nvlist_create(0);
|
||||
if (nvl == NULL)
|
||||
return (NULL);
|
||||
|
||||
if (peer->scrub) {
|
||||
tmp = pf_state_scrub_to_nvstate_scrub(peer->scrub);
|
||||
if (tmp == NULL)
|
||||
goto errout;
|
||||
nvlist_add_nvlist(nvl, "scrub", tmp);
|
||||
nvlist_destroy(tmp);
|
||||
}
|
||||
|
||||
nvlist_add_number(nvl, "seqlo", peer->seqlo);
|
||||
nvlist_add_number(nvl, "seqhi", peer->seqhi);
|
||||
nvlist_add_number(nvl, "seqdiff", peer->seqdiff);
|
||||
nvlist_add_number(nvl, "max_win", peer->max_win);
|
||||
nvlist_add_number(nvl, "mss", peer->mss);
|
||||
nvlist_add_number(nvl, "state", peer->state);
|
||||
nvlist_add_number(nvl, "wscale", peer->wscale);
|
||||
|
||||
return (nvl);
|
||||
|
||||
errout:
|
||||
nvlist_destroy(nvl);
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
nvlist_t *
|
||||
@ -989,9 +959,7 @@ pf_state_to_nvstate(const struct pf_state *s)
|
||||
|
||||
nvlist_add_number(nvl, "creatorid", s->creatorid);
|
||||
nvlist_add_number(nvl, "direction", s->direction);
|
||||
nvlist_add_number(nvl, "log", s->log);
|
||||
nvlist_add_number(nvl, "state_flags", s->state_flags);
|
||||
nvlist_add_number(nvl, "timeout", s->timeout);
|
||||
if (s->src_node)
|
||||
flags |= PFSYNC_FLAG_SRCNODE;
|
||||
if (s->nat_src_node)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user