mirror of
https://github.com/opnsense/src.git
synced 2026-02-27 11:50:47 -05:00
5c95417dad
lock mac_ifnet_mtx, which protects labels on struct ifnet, unless at least one policy is actively using labels on ifnets. This avoids a global mutex acquire in certain fast paths -- most noticeably ifnet transmit. This was previously invisible by default, as no MAC policies were loaded by default, but recently became visible due to mac_ntpd being enabled by default. gallatin@ reports a reduction in PPS overhead from 300% to 2.2% with this change. We will want to explore further MAC Framework optimisation to reduce overhead further, but this brings things more back into the world of the sane. MFC after: 3 days |
||
|---|---|---|
| .. | ||
| audit | ||
| mac | ||
| mac_biba | ||
| mac_bsdextended | ||
| mac_ifoff | ||
| mac_lomac | ||
| mac_mls | ||
| mac_none | ||
| mac_ntpd | ||
| mac_partition | ||
| mac_portacl | ||
| mac_seeotheruids | ||
| mac_stub | ||
| mac_test | ||
| mac_veriexec | ||
| mac_veriexec_parser | ||