On 6.4.2023. 22:46, Alexander Bluhm wrote: > Hi, > > When removing these kernel locks from the ARP input path, the machine > runs stable in my tests. Caller if_netisr() grabs the exclusive > netlock and that should be sufficent for in_arpinput() and arpcache(). > > To stress the ARP resolver I run arp -nd ... in a loop. > > Hrvoje: Could you run this diff on your testsetup? > > bluhm
Hi, I'm running this diff in lab and on production firewalls and boxes seems happy and little faster. In lab whatever I do I couldn't panic boxes, generating incomplete arp entries, arp -ad, destroy vlan, destroy carp, up/down physical interfaces and stuff like that while sending traffic.