*Hi,* *You are right, I got your point already,* *No need to sync the state table because if the state is not existing in CPU A's context, the traffic still can continue , it will automatically create,*
*But the NAT is different. because when the traffic return back, it has to see the NAT record. if we have NAT record per-CPU, then that means we need to sync the record to all CPU. that will cause more resource, so NAT will be shared by call CPUs, so cannot be "lockless"* On Wed, Nov 19, 2014 at 9:48 AM, Sepherosa Ziehau <[email protected]> wrote: > The code of lockless ipfw2 static rule is there for ages > (sys/net/ipfw) and I currently don't find enough time to make in-base > ipfw2 state table lockless. But it could be as simple as: > - Make state table per-cpu. > - Make the state table GC callout per-cpu. > - Remove the state table lock. > > > On Wed, Nov 19, 2014 at 9:26 AM, bycn82 <[email protected]> wrote: > > why not share more information, for example write a internal document for > > developers like NetBSD in order to help newcomers. > > > > https://www.netbsd.org/docs/internals/en/index.html > > > > > > On Tue, Nov 18, 2014 at 6:45 AM, Sepherosa Ziehau <[email protected]> > > wrote: > >> > >> For static rules, ipfw2 in the base is already lockless MPSAFE. I > >> want to change the states lockless MPSAFE (it was not doable back to > >> the time I made ipfw2 static rules lockless MPSAFE; but now since we > >> dispatch udp outputs to the proper netisr, it is doable). > >> > >> On Mon, Nov 17, 2014 at 6:13 PM, Zachary Crownover > >> <[email protected]> wrote: > >> > I would say follow in the steps that were taken for the pf code that > was > >> > touched recently for SMP support and prevention of locking for you > >> > application of the same into ipfw. > >> > > >> > On Sun, Nov 16, 2014 at 10:04 PM, bycn82 <[email protected]> wrote: > >> >> > >> >> Hi , > >> >> I am re-writing the ipfw for dragonflybsd. and once I cleanup the > code, > >> >> I > >> >> will continue port some useful features like NAT and policy routing.( > >> >> NAT > >> >> will be the next one) > >> >> > >> >> And here is a simple wiki page for it, > >> >> http://www.dragonflybsd.org/docs/ipfw2/ > >> >> > >> >> any comment? Sure I need people's help in testing of it. thanks in > >> >> advanced. > >> >> > >> >> Regards, > >> >> bycn82 > >> > > >> > > >> > > >> > > >> > -- > >> > Sincerely, > >> > > >> > Zachary Crownover > >> > >> > >> > >> -- > >> Tomorrow Will Never Die > > > > > > > > -- > Tomorrow Will Never Die >
