Date: Fri, 01 Jun 2007 19:01:29 +0200 From: Andre Oppermann <andre@freebsd.org> To: Max Laier <max@love2party.net> Cc: freebsd-current@freebsd.org, Greg Hennessy <Greg.Hennessy@nviz.net>, freebsd-pf@freebsd.org Subject: Re: pf(4) status in 7.0-R Message-ID: <466050E9.70301@freebsd.org> In-Reply-To: <200706011822.33043.max@love2party.net> References: <20070601103549.GA22490@localhost.localdomain> <200706011717.54698.max@love2party.net> <002801c7a467$d70da190$8528e4b0$@Hennessy@nviz.net> <200706011822.33043.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Max Laier wrote: > On Friday 01 June 2007, Greg Hennessy wrote: > >>>ditto. I'd like to import a couple of features on a per-feature base >>>rather than doing a complete import which isn't possible anymore due >>>to SMP and routing code changes. >> >>Is the inability to completely sync PF with the latest OpenBSD release >>cast in stone for here on, or it an issue of resource to do ? >> >>Just curious in light of recent PF improvements as detailed here >> >>http://www.undeadly.org/cgi?action=article&sid=20070528213858 > > This is a completely unrelated issue really. Is debateable if it is good > practice to put all that information into the pkthdr, but the speed > improvement is something for sure. It remains to be seen if FreeBSD's > mbuf tags perform as badly as OpenBSD's and - if they do - what can be > done about that. One thing to keep in mind, however, pf is not the one > and only Firewall in FreeBSD and there are *many* other places that use > mbuf tags, too. I would rather look for a more general optimization of > the mbuf tag framework - if required - , than gluttering the m_pkthdr > with all fields one can think of (pf, ipfw, ipf, vlans, ipsec, altq ...) I don't think it is appropriate to put pf specific flags and pointers into out mbuf header. Optimizations that may help is to make a UMA zone for the pf mtags, or - a bit hacky - use the remaining space in the mbuf when a cluster is attached (almost always the case for inbound packets). -- Andre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?466050E9.70301>