what would be even nicer is if ipfw found the cached entry and passed it back to ip_input so it didn't need to :-)
On Thu, 7 Mar 2002, Bill Fumerola wrote: > On Wed, Mar 06, 2002 at 05:07:55PM -0800, Terry Lambert wrote: > > > There are redundant calls to the in_pcblookup_hash() in the > > ip_fw_chk() function called via (*ip_fw_chk_ptr)() in the > > ip_input path. > > in addition to what you're talking about, ipfw will repeat the hash > lookup for every rule it goes through that has a uid or gid keyword. > > >http://people.freebsd.org/~billf/bsdcon2000/presentation/graphics/countudpfromanytoanyuidbillf.png > >http://people.freebsd.org/~billf/bsdcon2000/presentation/graphics/counttcpfromanytoanyuidbillf.png > > 'old ipfw' = ipfw as of oct 2000 > 'new ipfw' = ipfw w/pcb cache + uid cache (as part of a compiled ruleset) > > in the compiled case, in_pcblookup_hash() is called the first time a uid > needs compared. after that, uid lookups become a integer compare and not > another call to in_pcblookup_hash(). gid lookups still use groupmember() > each rule, but also don't have to do a pcb lookup each time. > > > Right now, I'm just talking about a way ip_input could pass > > the already looked up input inpcb to tcp_input, udp_input, > > or udp_ctlinput -- all of which repeat the lookup operation. > > my results are with a cached lookup just in the ipfw code, but if > ip_input() did the lookup and passed it to both ipfw and the protocol > handler that would be nice. > > -- > - bill fumerola / [EMAIL PROTECTED] / [EMAIL PROTECTED] / [EMAIL PROTECTED] > > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-hackers" in the body of the message > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
