From nobody Mon Aug 16 13:57:36 2021 X-Original-To: freebsd-ipfw@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id B49831768585; Mon, 16 Aug 2021 13:57:47 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward100p.mail.yandex.net (forward100p.mail.yandex.net [77.88.28.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4GpG2L37yDz4W5g; Mon, 16 Aug 2021 13:57:46 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from sas1-f446987054ad.qloud-c.yandex.net (sas1-f446987054ad.qloud-c.yandex.net [IPv6:2a02:6b8:c08:bf8a:0:640:f446:9870]) by forward100p.mail.yandex.net (Yandex) with ESMTP id D6EEB5980EEC; Mon, 16 Aug 2021 16:57:37 +0300 (MSK) Received: from sas2-1cbd504aaa99.qloud-c.yandex.net (sas2-1cbd504aaa99.qloud-c.yandex.net [2a02:6b8:c14:7101:0:640:1cbd:504a]) by sas1-f446987054ad.qloud-c.yandex.net (mxback/Yandex) with ESMTP id 2aMQ2cidaJ-vbIOOCIs; Mon, 16 Aug 2021 16:57:37 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1629122257; bh=1DfMwVSzFZAD4za0t5B4qRHFNB/wSjp0j6OsBzif21w=; h=In-Reply-To:References:Date:Message-ID:From:To:Subject; b=UYDEW1S/ypMwoNqyIZE8GchX+e9e+8qWJeA2lHvNbghjkmEek6DWzJ+fecqTgr3uL MCBpnz7JbgpU189ybXXj4S8RvIVminpDk6gLaSj+AMtW+NvuvPGnMNZx0Sek0WnjEd 7Vnbwtl1A5Hg+zsU7vXqJsBhd7/5jXpHrQKUMdNU= Received: by sas2-1cbd504aaa99.qloud-c.yandex.net (smtp/Yandex) with ESMTPSA id wViyCcSAFE-vbUmNhc8; Mon, 16 Aug 2021 16:57:37 +0300 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client certificate not present) Subject: Re: Throughput extremely decreases when IPFW 7000 mac based rules activated To: Eugene Grosbein , alfadev , "freebsd-hackers@FreeBSD.org" , "freebsd-ipfw@FreeBSD.org" , "Alexander V. Chernikov" References: <7a737f3d-e291-e8a1-b629-09365a99c937@grosbein.net> From: "Andrey V. Elsukov" Message-ID: <2f5f9f6e-27da-1d4a-e462-93ef12f84d33@yandex.ru> Date: Mon, 16 Aug 2021 16:57:36 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 List-Id: IPFW Technical Discussions List-Archive: https://lists.freebsd.org/archives/freebsd-ipfw List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ipfw@freebsd.org MIME-Version: 1.0 In-Reply-To: <7a737f3d-e291-e8a1-b629-09365a99c937@grosbein.net> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="wbct9JzOgqnVweG2vEHvgb1NQueBvX6kw" X-Rspamd-Queue-Id: 4GpG2L37yDz4W5g X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=yandex.ru header.s=mail header.b="UYDEW1S/"; dmarc=pass (policy=none) header.from=yandex.ru; spf=pass (mx1.freebsd.org: domain of bu7cher@yandex.ru designates 77.88.28.100 as permitted sender) smtp.mailfrom=bu7cher@yandex.ru X-Spamd-Result: default: False [-6.07 / 15.00]; TO_DN_EQ_ADDR_SOME(0.00)[]; TO_DN_SOME(0.00)[]; FREEMAIL_FROM(0.00)[yandex.ru]; R_SPF_ALLOW(-0.20)[+ip4:77.88.0.0/18]; HAS_ATTACHMENT(0.00)[]; RCPT_COUNT_FIVE(0.00)[5]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[yandex.ru:+]; DMARC_POLICY_ALLOW(-0.50)[yandex.ru,none]; NEURAL_HAM_SHORT(-0.97)[-0.968]; SIGNED_PGP(-2.00)[]; FREEMAIL_TO(0.00)[grosbein.net,protonmail.com,FreeBSD.org,freebsd.org]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~]; FREEMAIL_ENVFROM(0.00)[yandex.ru]; ASN(0.00)[asn:13238, ipnet:77.88.0.0/18, country:RU]; RCVD_TLS_LAST(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[yandex.ru:dkim]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[yandex.ru:s=mail]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RWL_MAILSPIKE_POSSIBLE(0.00)[77.88.28.100:from] X-ThisMailContainsUnwantedMimeParts: N This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --wbct9JzOgqnVweG2vEHvgb1NQueBvX6kw Content-Type: multipart/mixed; boundary="nrBYf2gus7xPntRhO5VGfCPpYsJREMn9z"; protected-headers="v1" From: "Andrey V. Elsukov" To: Eugene Grosbein , alfadev , "freebsd-hackers@FreeBSD.org" , "freebsd-ipfw@FreeBSD.org" , "Alexander V. Chernikov" Message-ID: <2f5f9f6e-27da-1d4a-e462-93ef12f84d33@yandex.ru> Subject: Re: Throughput extremely decreases when IPFW 7000 mac based rules activated References: <7a737f3d-e291-e8a1-b629-09365a99c937@grosbein.net> In-Reply-To: <7a737f3d-e291-e8a1-b629-09365a99c937@grosbein.net> --nrBYf2gus7xPntRhO5VGfCPpYsJREMn9z Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable 10.08.2021 08:08, Eugene Grosbein =D0=BF=D0=B8=D1=88=D0=B5=D1=82: > Such ruleset could decrease filtering overhead several times but I'm > afraid that ipfw is not right tool for this task at the moment. >=20 > ipfw has "tables" to optimize large list matching and they perform > great but for layer3 IP matching, not for layer2 MAC matching. We have a patch that adds ability to keep MAC addresses in the tables. I hope we will push it into upstreem soon. --=20 WBR, Andrey V. Elsukov --nrBYf2gus7xPntRhO5VGfCPpYsJREMn9z-- --wbct9JzOgqnVweG2vEHvgb1NQueBvX6kw Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wsB5BAABCAAjFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAmEabtAFAwAAAAAACgkQAcXqBBDIoXq2 TQgAsQK2y8hlwBojnQ25ibtxtbhFcaXOZRsCVJ9mgMNfsHyjG0LlSLR38wF851I7fPUf7gI+3tWt j9UbNVdxnSwFRvdhu9leXS7RUfDo4GhwCoFt8KSbtSvi9AlOMqiXgMolE1CY/0lD9JfHvMa2VnFN eiTX+0hPbt8t+T6lnXg+Az0h0h/OtDEodDNIy1PPKteGAfng+kG8cOVulLeLsk+KLPlM6SMfGw3p OO+F2aM8A0sl+KIrRdc86vUbQ54lrmeNBG0OS51k9Vx+QVWxUcPN04EeRFgU7Q2JWRwsgFLhZrHL GVqTar55rFf+2IB4h6MrJXOE6UxMj90Ie/e8veCDNw== =EX5L -----END PGP SIGNATURE----- --wbct9JzOgqnVweG2vEHvgb1NQueBvX6kw-- From nobody Sun Aug 22 21:00:38 2021 X-Original-To: ipfw@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 290101785209 for ; Sun, 22 Aug 2021 21:00:39 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Gt77V6GmTz3GdS for ; Sun, 22 Aug 2021 21:00:38 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 78A3D2793B for ; Sun, 22 Aug 2021 21:00:38 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 17ML0chw053709 for ; Sun, 22 Aug 2021 21:00:38 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 17ML0cHg053708 for ipfw@FreeBSD.org; Sun, 22 Aug 2021 21:00:38 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Message-Id: <202108222100.17ML0cHg053708@kenobi.freebsd.org> X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@FreeBSD.org using -f From: bugzilla-noreply@FreeBSD.org To: ipfw@FreeBSD.org Subject: Problem reports for ipfw@FreeBSD.org that need special attention Date: Sun, 22 Aug 2021 21:00:38 +0000 List-Id: IPFW Technical Discussions List-Archive: https://lists.freebsd.org/archives/freebsd-ipfw List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ipfw@freebsd.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="16296660382.1edF641Ba.52715" Content-Transfer-Encoding: 7bit X-ThisMailContainsUnwantedMimeParts: Y --16296660382.1edF641Ba.52715 Date: Sun, 22 Aug 2021 21:00:38 +0000 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and obsolete releases. Status | Bug Id | Description ------------+-----------+--------------------------------------------------- New | 215875 | [ipfw] ipfw lookup tables do not support mbuf_tag New | 232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 2 problems total for which you should take action. --16296660382.1edF641Ba.52715--