git: ipfw3: lockless in-kernel NAT

Tue, 21 Jun 2016 03:21:04 -0700 

commit 9187b359203f12156672d8e1db35aaca69f1f482
Author: Bill Yuan <[email protected]>
Date:   Tue Jun 21 18:13:10 2016 +0000

    ipfw3: lockless in-kernel NAT
    
    The libalias is used in kernel space for in-kernel NAT, and its alias_link
    entries are stored with LIST. so all the packets which need to be NAT will 
scan
    against the LIST and trying to find the matched alias_link. by seperating 
the
    libalias into context of different CPUs, the lock can be removed. and due 
to the
    nature of NAT, the outgoing and incoming packets are possible to be handled 
by
    different CPUs, to ensure the returning packet can be translated properly, 
the
    newly created alias_link is required to be duplicated and inserted into 
contexts
    of both CPUs.
    
    e.g.
    ipfw3 nat 1 config if em0
    ipfw3 nat 1 all via em0
    ipfw3 nat 1 show state

Summary of changes:
 lib/libipfw3/basic/ipfw3_basic.c       |   18 +-
 lib/libipfw3/basic/ipfw3_basic.h       |    2 +-
 lib/libipfw3/dummynet/ipfw3_dummynet.c |    4 +-
 lib/libipfw3/dummynet/ipfw3_dummynet.h |    2 +-
 lib/libipfw3/layer2/ipfw3_layer2.c     |    4 +-
 lib/libipfw3/layer2/ipfw3_layer2.h     |    2 +-
 lib/libipfw3/layer4/ipfw3_layer4.c     |    4 +-
 lib/libipfw3/layer4/ipfw3_layer4.h     |    2 +-
 lib/libipfw3/nat/ipfw3_nat.c           |    6 +-
 lib/libipfw3/nat/ipfw3_nat.h           |    4 +-
 sbin/ipfw3/Makefile                    |    7 +-
 sbin/ipfw3/ipfw.h                      |   56 --
 sbin/ipfw3/ipfw3.c                     | 1009 ++-----------------------------
 sbin/ipfw3/ipfw3.h                     |  131 ++++
 sbin/ipfw3/ipfw3nat.c                  | 1017 ++++++++++++++++++++++++++++++++
 sbin/ipfw3/{ipfw3sync.h => ipfw3nat.h} |   36 +-
 sbin/ipfw3/ipfw3sync.c                 |    2 +-
 sys/net/dummynet3/ip_dummynet.h        |    2 +-
 sys/net/ipfw3/ip_fw3.c                 |   52 +-
 sys/net/ipfw3/ip_fw3.h                 |    9 +-
 sys/net/ipfw3/ip_fw3_log.c             |    2 +-
 sys/net/ipfw3/ip_fw3_log.h             |    2 +-
 sys/net/ipfw3/ip_fw3_table.c           |    2 +-
 sys/net/ipfw3/ip_fw3_table.h           |    2 +-
 sys/net/ipfw3_basic/ip_fw3_basic.c     |    2 +-
 sys/net/ipfw3_basic/ip_fw3_basic.h     |    2 +-
 sys/net/ipfw3_layer2/ip_fw3_layer2.c   |    2 +-
 sys/net/ipfw3_layer2/ip_fw3_layer2.h   |    2 +-
 sys/net/ipfw3_layer4/ip_fw3_layer4.c   |    2 +-
 sys/net/ipfw3_layer4/ip_fw3_layer4.h   |    2 +-
 sys/net/ipfw3_nat/ip_fw3_nat.c         |  670 +++++++++++++--------
 sys/net/ipfw3_nat/ip_fw3_nat.h         |   29 +-
 sys/net/libalias/alias.c               |  121 ++--
 sys/net/libalias/alias.h               |    9 +-
 34 files changed, 1800 insertions(+), 1418 deletions(-)
 delete mode 100644 sbin/ipfw3/ipfw.h
 create mode 100644 sbin/ipfw3/ipfw3.h
 create mode 100644 sbin/ipfw3/ipfw3nat.c
 copy sbin/ipfw3/{ipfw3sync.h => ipfw3nat.h} (65%)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/9187b359203f12156672d8e1db35aaca69f1f482


-- 
DragonFly BSD source repository

Reply via email to