diff options
| author |   henning <henning@openbsd.org> | 2008-07-03 15:46:23 +0000 |
|---|---|---|
| committer | henning <henning@openbsd.org> | 2008-07-03 15:46:23 +0000 |
| commit | 954bc2dcb1e70c230b682d9ee529ca9222e97d57 (patch) | |
| tree | 54eab3fdef036acb5730176ea8dcde6740ba4f3f /sys/netinet/tcp_input.c | |
| parent | Add struct for VC_EXTENSION_UNIT and dump it in debug mode. (diff) | |
| download | wireguard-openbsd-954bc2dcb1e70c230b682d9ee529ca9222e97d57.tar.xz wireguard-openbsd-954bc2dcb1e70c230b682d9ee529ca9222e97d57.zip | |
link pf state keys to tcp pcbs and vice versa.
when we first do a pcb lookup and we have a pointer to a pf state key
in the mbuf header, store the state key pointer in the pcb and a pointer
to the pcb we just found in the state key. when either the state key
or the pcb is removed, clear the pointers.
on subsequent packets inbound we can skip the pcb lookup and just use the
pointer from the state key.
on subsequent packets outbound we can skip the state key lookup and use
the pointer from the pcb.
about 8% speedup with 100 concurrent tcp sessions, should help much more
with more tcp sessions.
ok markus ryan
Diffstat (limited to 'sys/netinet/tcp_input.c')
| -rw-r--r-- | sys/netinet/tcp_input.c | 50 |
1 files changed, 38 insertions, 12 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index ebe272227fe..15e6dde0424 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_input.c,v 1.219 2008/06/14 22:15:30 jsing Exp $ */ +/* $OpenBSD: tcp_input.c,v 1.220 2008/07/03 15:46:24 henning Exp $ */ /* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */ /* @@ -97,6 +97,11 @@ #include "faith.h" +#include "pf.h" +#if NPF > 0 +#include <net/pfvar.h> +#endif + struct tcpiphdr tcp_saveti; int tcp_mss_adv(struct ifnet *, int); @@ -365,7 +370,7 @@ void tcp_input(struct mbuf *m, ...) { struct ip *ip; - struct inpcb *inp; + struct inpcb *inp = NULL; u_int8_t *optp = NULL; int optlen = 0; int tlen, off; @@ -590,19 +595,32 @@ tcp_input(struct mbuf *m, ...) * Locate pcb for segment. */ findpcb: - switch (af) { +#if NPF > 0 + if (m->m_pkthdr.pf.statekey) + inp = ((struct pf_state_key *)m->m_pkthdr.pf.statekey)->inp; +#endif + if (inp == NULL) { + switch (af) { #ifdef INET6 - case AF_INET6: - inp = in6_pcbhashlookup(&tcbtable, &ip6->ip6_src, th->th_sport, - &ip6->ip6_dst, th->th_dport); - break; + case AF_INET6: + inp = in6_pcbhashlookup(&tcbtable, &ip6->ip6_src, + th->th_sport, &ip6->ip6_dst, th->th_dport); + break; +#endif + case AF_INET: + inp = in_pcbhashlookup(&tcbtable, ip->ip_src, + th->th_sport, ip->ip_dst, th->th_dport); + break; + } +#if NPF > 0 + if (m->m_pkthdr.pf.statekey && inp) { + ((struct pf_state_key *)m->m_pkthdr.pf.statekey)->inp = + inp; + inp->inp_pf_sk = m->m_pkthdr.pf.statekey; + } #endif - case AF_INET: - inp = in_pcbhashlookup(&tcbtable, ip->ip_src, th->th_sport, - ip->ip_dst, th->th_dport); - break; } - if (inp == 0) { + if (inp == NULL) { int inpl_flags = 0; if (m->m_pkthdr.pf.flags & PF_TAG_TRANSLATE_LOCALHOST) inpl_flags = INPLOOKUP_WILDCARD; @@ -860,6 +878,14 @@ after_listen: panic("tcp_input: TCPS_LISTEN"); #endif +#if NPF > 0 + if (m->m_pkthdr.pf.statekey) { + ((struct pf_state_key *)m->m_pkthdr.pf.statekey)->inp = + inp; + inp->inp_pf_sk = m->m_pkthdr.pf.statekey; + } +#endif + #ifdef IPSEC /* Find most recent IPsec tag */ mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); |