path: root/sys/netipsec
diff options
authorGleb Smirnoff <glebius@FreeBSD.org>2019-10-07 22:40:05 +0000
committerGleb Smirnoff <glebius@FreeBSD.org>2019-10-07 22:40:05 +0000
commitb8a6e03fac922677455d8e0977831506cf8212e8 (patch)
tree28fc099c8daca3278068766b2863e110876865ce /sys/netipsec
parent746c7ae563142eaae423b0e6c0077ef2013c2435 (diff)
Widen NET_EPOCH coverage.
When epoch(9) was introduced to network stack, it was basically dropped in place of existing locking, which was mutexes and rwlocks. For the sake of performance mutex covered areas were as small as possible, so became epoch covered areas. However, epoch doesn't introduce any contention, it just delays memory reclaim. So, there is no point to minimise epoch covered areas in sense of performance. Meanwhile entering/exiting epoch also has non-zero CPU usage, so doing this less often is a win. Not the least is also code maintainability. In the new paradigm we can assume that at any stage of processing a packet, we are inside network epoch. This makes coding both input and output path way easier. On output path we already enter epoch quite early - in the ip_output(), in the ip6_output(). This patch does the same for the input path. All ISR processing, network related callouts, other ways of packet injection to the network stack shall be performed in net_epoch. Any leaf function that walks network configuration now asserts epoch. Tricky part is configuration code paths - ioctls, sysctls. They also call into leaf functions, so some need to be changed. This patch would introduce more epoch recursions (see EPOCH_TRACE) than we had before. They will be cleaned up separately, as several of them aren't trivial. Note, that unlike a lock recursion the epoch recursion is safe and just wastes a bit of resources. Reviewed by: gallatin, hselasky, cy, adrian, kristof Differential Revision: https://reviews.freebsd.org/D19111
Notes: svn path=/head/; revision=353292
Diffstat (limited to 'sys/netipsec')
1 files changed, 4 insertions, 0 deletions
diff --git a/sys/netipsec/xform_ipcomp.c b/sys/netipsec/xform_ipcomp.c
index df09eb36cfa3..96cffd6305a4 100644
--- a/sys/netipsec/xform_ipcomp.c
+++ b/sys/netipsec/xform_ipcomp.c
@@ -52,6 +52,8 @@
#include <net/netisr.h>
#include <net/vnet.h>
+#include <net/if.h> /* XXXGL: net_epoch should move out there */
+#include <net/if_var.h> /* XXXGL: net_epoch should move out there */
#include <netipsec/ipsec.h>
#include <netipsec/xform.h>
@@ -122,6 +124,8 @@ ipcomp_nonexp_input(struct mbuf *m, int off, int proto, void *arg __unused)
int isr;
switch (proto) {
#ifdef INET