From owner-freebsd-current@FreeBSD.ORG Fri Jun 1 17:01:30 2007 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id BC4C816A41F for ; Fri, 1 Jun 2007 17:01:30 +0000 (UTC) (envelope-from andre@freebsd.org) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.freebsd.org (Postfix) with ESMTP id 2D52113C4B7 for ; Fri, 1 Jun 2007 17:01:29 +0000 (UTC) (envelope-from andre@freebsd.org) Received: (qmail 46748 invoked from network); 1 Jun 2007 16:17:05 -0000 Received: from dotat.atdotat.at (HELO [62.48.0.47]) ([62.48.0.47]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 1 Jun 2007 16:17:05 -0000 Message-ID: <466050E9.70301@freebsd.org> Date: Fri, 01 Jun 2007 19:01:29 +0200 From: Andre Oppermann User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b) Gecko/20050217 MIME-Version: 1.0 To: Max Laier References: <20070601103549.GA22490@localhost.localdomain> <200706011717.54698.max@love2party.net> <002801c7a467$d70da190$8528e4b0$@Hennessy@nviz.net> <200706011822.33043.max@love2party.net> In-Reply-To: <200706011822.33043.max@love2party.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-current@freebsd.org, Greg Hennessy , freebsd-pf@freebsd.org Subject: Re: pf(4) status in 7.0-R X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Jun 2007 17:01:30 -0000 Max Laier wrote: > On Friday 01 June 2007, Greg Hennessy wrote: > >>>ditto. I'd like to import a couple of features on a per-feature base >>>rather than doing a complete import which isn't possible anymore due >>>to SMP and routing code changes. >> >>Is the inability to completely sync PF with the latest OpenBSD release >>cast in stone for here on, or it an issue of resource to do ? >> >>Just curious in light of recent PF improvements as detailed here >> >>http://www.undeadly.org/cgi?action=article&sid=20070528213858 > > This is a completely unrelated issue really. Is debateable if it is good > practice to put all that information into the pkthdr, but the speed > improvement is something for sure. It remains to be seen if FreeBSD's > mbuf tags perform as badly as OpenBSD's and - if they do - what can be > done about that. One thing to keep in mind, however, pf is not the one > and only Firewall in FreeBSD and there are *many* other places that use > mbuf tags, too. I would rather look for a more general optimization of > the mbuf tag framework - if required - , than gluttering the m_pkthdr > with all fields one can think of (pf, ipfw, ipf, vlans, ipsec, altq ...) I don't think it is appropriate to put pf specific flags and pointers into out mbuf header. Optimizations that may help is to make a UMA zone for the pf mtags, or - a bit hacky - use the remaining space in the mbuf when a cluster is attached (almost always the case for inbound packets). -- Andre