From e9311d0bc3a9c1f27941a3b741f6753baf581fe3 Mon Sep 17 00:00:00 2001 From: dlg Date: Wed, 4 Jan 2023 10:31:55 +0000 Subject: [PATCH] move the pf_state_tree_id type from pfvar.h to pfvar_priv.h. the pf_state_tree_id type is private to the kernel. while here, move it from being an RB tree to an RBT tree. this saves about 12k in pf.o on amd64. ok sashan@ --- sys/net/if_pfsync.c | 5 ++--- sys/net/pf.c | 21 ++++++++++----------- sys/net/pf_ioctl.c | 11 ++++------- sys/net/pf_lb.c | 8 +++----- sys/net/pfvar.h | 6 +----- sys/net/pfvar_priv.h | 6 +++++- 6 files changed, 25 insertions(+), 32 deletions(-) diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c index f69790ee98d..e2c86971336 100644 --- a/sys/net/if_pfsync.c +++ b/sys/net/if_pfsync.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.c,v 1.311 2022/11/11 11:47:13 dlg Exp $ */ +/* $OpenBSD: if_pfsync.c,v 1.312 2023/01/04 10:31:55 dlg Exp $ */ /* * Copyright (c) 2002 Michael Shalayeff @@ -621,8 +621,7 @@ pfsync_in_clr(caddr_t buf, int len, int count, int flags) continue; PF_STATE_ENTER_WRITE(); - for (st = RB_MIN(pf_state_tree_id, &tree_id); st; st = nexts) { - nexts = RB_NEXT(pf_state_tree_id, &tree_id, st); + RBT_FOREACH_SAFE(st, pf_state_tree_id, &tree_id, nexts) { if (st->creatorid == creatorid && ((kif && st->kif == kif) || !kif)) { SET(st->state_flags, PFSTATE_NOSYNC); diff --git a/sys/net/pf.c b/sys/net/pf.c index b729382a670..307724140eb 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.1166 2023/01/04 02:00:49 dlg Exp $ */ +/* $OpenBSD: pf.c,v 1.1167 2023/01/04 10:31:55 dlg Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -305,8 +305,8 @@ struct pf_pool_limit pf_pool_limits[PF_LIMIT_MAX] = { static __inline int pf_src_compare(struct pf_src_node *, struct pf_src_node *); static inline int pf_state_compare_key(const struct pf_state_key *, const struct pf_state_key *); -static __inline int pf_state_compare_id(struct pf_state *, - struct pf_state *); +static inline int pf_state_compare_id(const struct pf_state *, + const struct pf_state *); #ifdef INET6 static __inline void pf_cksum_uncover(u_int16_t *, u_int16_t, u_int8_t); static __inline void pf_cksum_cover(u_int16_t *, u_int16_t, u_int8_t); @@ -320,8 +320,7 @@ struct pf_state_list pf_state_list = PF_STATE_LIST_INITIALIZER(pf_state_list); RB_GENERATE(pf_src_tree, pf_src_node, entry, pf_src_compare); RBT_GENERATE(pf_state_tree, pf_state_key, sk_entry, pf_state_compare_key); -RB_GENERATE(pf_state_tree_id, pf_state, - entry_id, pf_state_compare_id); +RBT_GENERATE(pf_state_tree_id, pf_state, entry_id, pf_state_compare_id); int pf_addr_compare(const struct pf_addr *a, const struct pf_addr *b, @@ -541,7 +540,7 @@ pf_src_connlimit(struct pf_state **state) struct pf_state *st; pf_status.lcounters[LCNT_OVERLOAD_FLUSH]++; - RB_FOREACH(st, pf_state_tree_id, &tree_id) { + RBT_FOREACH(st, pf_state_tree_id, &tree_id) { sk = st->key[PF_SK_WIRE]; /* * Kill states from this source. (Only those @@ -715,8 +714,8 @@ pf_state_compare_key(const struct pf_state_key *a, return (0); } -static __inline int -pf_state_compare_id(struct pf_state *a, struct pf_state *b) +static inline int +pf_state_compare_id(const struct pf_state *a, const struct pf_state *b) { if (a->id > b->id) return (1); @@ -1054,7 +1053,7 @@ pf_state_insert(struct pfi_kif *kif, struct pf_state_key **skwp, s->id = htobe64(pf_status.stateid++); s->creatorid = pf_status.hostid; } - if (RB_INSERT(pf_state_tree_id, &tree_id, s) != NULL) { + if (RBT_INSERT(pf_state_tree_id, &tree_id, s) != NULL) { if (pf_status.debug >= LOG_NOTICE) { log(LOG_NOTICE, "pf: state insert failed: " "id: %016llx creatorid: %08x", @@ -1085,7 +1084,7 @@ pf_find_state_byid(struct pf_state_cmp *key) { pf_status.fcounters[FCNT_STATE_SEARCH]++; - return (RB_FIND(pf_state_tree_id, &tree_id, (struct pf_state *)key)); + return (RBT_FIND(pf_state_tree_id, &tree_id, (struct pf_state *)key)); } int @@ -1733,7 +1732,7 @@ pf_remove_state(struct pf_state *cur) if (cur->key[PF_SK_STACK]->proto == IPPROTO_TCP) pf_set_protostate(cur, PF_PEER_BOTH, TCPS_CLOSED); - RB_REMOVE(pf_state_tree_id, &tree_id, cur); + RBT_REMOVE(pf_state_tree_id, &tree_id, cur); #if NPFLOW > 0 if (cur->state_flags & PFSTATE_PFLOW) export_pflow(cur); diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index 302984d889d..2dd787ba15b 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.394 2023/01/04 02:00:49 dlg Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.395 2023/01/04 10:31:55 dlg Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1796,10 +1796,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) NET_LOCK(); PF_LOCK(); PF_STATE_ENTER_WRITE(); - for (s = RB_MIN(pf_state_tree_id, &tree_id); s; - s = nexts) { - nexts = RB_NEXT(pf_state_tree_id, &tree_id, s); - + RBT_FOREACH_SAFE(s, pf_state_tree_id, &tree_id, nexts) { if (s->direction == PF_OUT) { sk = s->key[PF_SK_STACK]; srcaddr = &sk->addr[1]; @@ -2828,7 +2825,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) NET_LOCK(); PF_LOCK(); PF_STATE_ENTER_WRITE(); - RB_FOREACH(state, pf_state_tree_id, &tree_id) + RBT_FOREACH(state, pf_state_tree_id, &tree_id) pf_src_tree_remove_state(state); PF_STATE_EXIT_WRITE(); RB_FOREACH(n, pf_src_tree, &tree_src_tracking) @@ -2861,7 +2858,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) if (sn->states != 0) { PF_ASSERT_LOCKED(); PF_STATE_ENTER_WRITE(); - RB_FOREACH(s, pf_state_tree_id, + RBT_FOREACH(s, pf_state_tree_id, &tree_id) pf_state_rm_src_node(s, sn); PF_STATE_EXIT_WRITE(); diff --git a/sys/net/pf_lb.c b/sys/net/pf_lb.c index 171242c71b6..a3d8d6333cd 100644 --- a/sys/net/pf_lb.c +++ b/sys/net/pf_lb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_lb.c,v 1.72 2022/08/31 11:29:12 benno Exp $ */ +/* $OpenBSD: pf_lb.c,v 1.73 2023/01/04 10:31:55 dlg Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -311,10 +311,8 @@ pf_map_addr_sticky(sa_family_t af, struct pf_rule *r, struct pf_addr *saddr, } if (sns[type]->states != 0) { /* XXX expensive */ - RB_FOREACH(s, pf_state_tree_id, - &tree_id) - pf_state_rm_src_node(s, - sns[type]); + RBT_FOREACH(s, pf_state_tree_id, &tree_id) + pf_state_rm_src_node(s, sns[type]); } sns[type]->expire = 1; pf_remove_src_node(sns[type]); diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 0ac0adbdda1..f05e19436dc 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.526 2023/01/04 02:00:49 dlg Exp $ */ +/* $OpenBSD: pfvar.h,v 1.527 2023/01/04 10:31:55 dlg Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1581,10 +1581,6 @@ RB_HEAD(pf_src_tree, pf_src_node); RB_PROTOTYPE(pf_src_tree, pf_src_node, entry, pf_src_compare); extern struct pf_src_tree tree_src_tracking; -RB_HEAD(pf_state_tree_id, pf_state); -RB_PROTOTYPE(pf_state_tree_id, pf_state, - entry_id, pf_state_compare_id); -extern struct pf_state_tree_id tree_id; extern struct pf_state_list pf_state_list; TAILQ_HEAD(pf_queuehead, pf_queuespec); diff --git a/sys/net/pfvar_priv.h b/sys/net/pfvar_priv.h index 209a2e7ee63..207d20d77cf 100644 --- a/sys/net/pfvar_priv.h +++ b/sys/net/pfvar_priv.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar_priv.h,v 1.28 2023/01/04 02:00:49 dlg Exp $ */ +/* $OpenBSD: pfvar_priv.h,v 1.29 2023/01/04 10:31:55 dlg Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -129,6 +129,10 @@ struct pf_state { u_int8_t snapped; /* [S] */ }; +RBT_HEAD(pf_state_tree_id, pf_state); +RBT_PROTOTYPE(pf_state_tree_id, pf_state, entry_id, pf_state_compare_id); +extern struct pf_state_tree_id tree_id; + /* * * states are linked into a global list to support the following -- 2.20.1