using ifiq_input lets ix check the return value from that function
so it can call if_rxr_livelocked as needed. calling if_rxr_livelocked
will make it shrinkthe rx rings before ifiq_input has to start
dropping packets. the idea being that dropping in hardware lets the
cpu spend more time processing packets instead of freeing them.
this works best if you have my "if_input_process doesn't need to mask
interrupts" diff in the tree too. without that the rx ring gets used
more than it should, so it grows the massively to all 255 slots we give
ix rings. with the two diffs together, ix grows the rings to 20 or
30 slots and still manages to forward a lot of packets. the box
feels smoother under a DoS too.
the trick is to figure out the right thresholds in ifiq_input.
Index: if_ix.c
===================================================================
RCS file: /cvs/src/sys/dev/pci/if_ix.c,v
retrieving revision 1.156
diff -u -p -r1.156 if_ix.c
--- if_ix.c 1 Mar 2019 06:15:59 -0000 1.156
+++ if_ix.c 1 Mar 2019 06:16:29 -0000
@@ -2903,7 +2903,8 @@ next_desc:
}
rxr->next_to_check = i;
- if_input(ifp, &ml);
+ if (ifiq_input(&ifp->if_rcv, &ml))
+ if_rxr_livelocked(&rxr->rx_ring);
if (!(staterr & IXGBE_RXD_STAT_DD))
return FALSE;
