artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c5ff1c0) | patch
Remove net lock from DIOCGETRULESET and DIOCGETRULESETS
authorkn <kn@openbsd.org>
Wed, 3 May 2023 10:32:47 +0000 (10:32 +0000)
committerkn <kn@openbsd.org>
Wed, 3 May 2023 10:32:47 +0000 (10:32 +0000)
commit3e519755f71129251aeb31dcbfd658dd1775863b
tree42fef16e638dd945ee1d84b9168723c916163ef4tree | snapshot
parentc5ff1c048c473018d13479e31f553026cc4c7a49commit | diff
Remove net lock from DIOCGETRULESET and DIOCGETRULESETS

Both walk the list of rulesets aka. anchors, to yield a total count and
specific anchor name, respectively.  Same access, different copy out.

pf_anchor_global are contained within pf_ioctl.c and pf_ruleset.c and
fully protected by the pf lock, as is pf_main_ruleset and its pf.c usage.

Rely on and assert for pf lock alone.  'pfctl -sr' on 60k unique rules gets
noticably faster, around 2.1s instead of 3.5s.

OK sashan
sys/net/pf.c diff | blob | history
sys/net/pf_ioctl.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim