To this callback I will attach my function from the ipfw_sync driver.
This callback will return immediately with the passed address. It will
transfer just the particular created list item, as a const pointer from
the In or Out arrays. I will read such data directly from the Alias DB
item without additional memory operations.

About the ringbuffer in libalias: currently the DB is organized as two
hash arrays with 4001 elements, which contain the heads of the lists. I
have a second way which can also do the work. It was made by me as
shadow tables for Broadcom chip states in switch firmware more than 10
years ago. This approach doesn't touch the original libalias structure,
but has a huge drawback: the delay from regular time-driven updates of
the shadow structures. I'm sure that isn't OK for router cluster cases,
because we have too little time before various packets can come in on
another router's ingress interface.

I still believe that the way with hooks on Alias DB updates, with export
of the original address of the DB list member, will be the right
approach. It is the fastest and most efficient.

Thanks for the feedback.

On 2022-05-27 18:35, Lutz Donnerhacke wrote:
> On Fri, May 27, 2022 at 04:18:54PM +0300, Michael Pounov wrote:
>> Hello Charles Mott
>>
>> I am writing this mail about my work with the IPFW firewall.
>> I have started work on an IPFW Sync driver and protocol similar to
>> the one in the PF firewall.
>> My primary goal is to sync NAT states in a firewall router cluster.
>> For that, I need to be notified by libalias when the NAT driver adds,
>> re-adds or deletes an alias.
>> I see one good approach to achieve this, but I must ask the author of
>> libalias whether there are hidden drawbacks to such an approach.
>
> As long as the callback is internal to the kernel, it might work.
> libalias is CPU bound; any additional work will slow down the system,
> especially when libalias is called from the interrupt level of network
> drivers.
>
>> What do you think about such an approach, change and hook of the
>> existing code?
>
> One can think about a ringbuffer which is filled by libalias and read
> by a different type of code. If the other code is too slow, the
> ringbuffer will override the entries. Please do not consider a
> dynamically allocated buffer.
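
Added example, not part of the original mail thread or of libalias: a userspace C model of the fixed-size, overwrite-on-overflow ringbuffer suggested above, in which the reader learns from sequence numbers how many NAT events it missed. All names (`nat_ring`, `ring_put`, `ring_get`, the event fields) are hypothetical, and the model is single-threaded; concurrent producer and consumer code in the kernel would additionally need memory barriers around the slot copy.

```c
#include <stdint.h>
#include <stdio.h>
/* Hypothetical names throughout: a userspace model, not libalias code. */
#define RING_SLOTS 8u   /* fixed at compile time, nothing is allocated */
enum nat_ev_type { NAT_EV_ADD, NAT_EV_READD, NAT_EV_DELETE };
struct nat_ev {
    uint64_t seq;                   /* 1-based, assigned by the producer */
    enum nat_ev_type type;
    uint32_t src_addr, alias_addr;  /* constructed sample fields */
};
struct nat_ring {
    struct nat_ev slot[RING_SLOTS];
    uint64_t head;                  /* total events ever written */
};

/* Producer (NAT path): O(1), never blocks; a slow reader loses the oldest. */
static void ring_put(struct nat_ring *r, enum nat_ev_type t,
                     uint32_t src, uint32_t alias)
{
    r->slot[r->head % RING_SLOTS] = (struct nat_ev){ r->head + 1, t, src, alias };
    r->head++;
}

/* Consumer (sync path) keeps its own cursor. Returns -1 when nothing is
 * pending, else how many events were overwritten unread (0 = no loss). */
static int64_t ring_get(const struct nat_ring *r, uint64_t *tail,
                        struct nat_ev *out)
{
    int64_t lost = 0;
    if (*tail == r->head) return -1;
    if (r->head - *tail > RING_SLOTS) {       /* reader was lapped */
        lost = (int64_t)(r->head - *tail - RING_SLOTS);
        *tail = r->head - RING_SLOTS;         /* resume at oldest valid slot */
    }
    *out = r->slot[*tail % RING_SLOTS];
    (*tail)++;
    return lost;
}

int main(void)
{
    static struct nat_ring ring;              /* static storage, zeroed */
    struct nat_ev ev;
    uint64_t tail = 0;
    for (uint32_t i = 0; i < 12; i++)         /* constructed burst of 12 */
        ring_put(&ring, NAT_EV_ADD, 0x0a000001u + i, 0xc6336401u);
    printf("lost=%lld\n", (long long)ring_get(&ring, &tail, &ev));
    return 0;
}
```

A non-zero return from `ring_get` tells the sync side that its view of the NAT table has gaps, so it can fall back to a full state resync instead of trusting incremental updates.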