From: "Rodney W. Grimes"
Message-Id: <200001071820.KAA11875@gndrsh.dnsmgr.net>
Subject: Re: ipfw optimizations
In-Reply-To: <003301bf5937$90b0c340$c80aa8c0@local.mindstep.com> from Patrick Bihan-Faou at "Jan 7, 2000 12:49:37 pm"
To: patrick@mindstep.com (Patrick Bihan-Faou)
Date: Fri, 7 Jan 2000 10:20:32 -0800 (PST)
Cc: luigi@info.iet.unipi.it (Luigi Rizzo), freebsd-current@FreeBSD.ORG

> Hi Luigi,
>
> > I am looking at (minor) optimizations of the ipfw code in order to reduce
> > the running time in the common cases.
> >
> > I have a few ideas (mostly along the lines of optimizing for the
> > most commonly-used rules). An obvious candidate is the 'match all'
> > rule (all from any to any), but can people suggest other common
> > usage of rules in ipfw ?
>
> One of the things I would do to optimize ipfw is:
> - instead of keeping one list with all the rules, split the list (the
> internal one) by interface and by direction (one list for ed1 incoming,
> one list for ed1 outgoing, etc.).

I often do this manually in long rule sets by using things like

    ipfw add 1000 skipto 10000 all from any to any via de0
    ipfw add 1001 skipto 20000 all from any to any via de1
    ...
    ipfw add 10000 skipto 15000 all from any to any in via de0
    # process outbound on de0 rules here
    ipfw add 15000 blah blah
    # processing inbound on de0 rules here

Do similar things at 20000...

You can reduce the number of skipto's by using a more explicit set of
rules at 1000, such as doing full 4 way branch:

    ipfw add 1000 skipto 10000 all from any to any in via de0
    ipfw add 1001 skipto 15000 all from any to any out via de0
    ipfw add 1002 skipto 20000 all from any to any in via de1
    ipfw add 1003 skipto 25000 all from any to any out via de1

In other words, don't burden the ipfw with code that can easily be done
by an intelligent user, and some more examples/documentation...

--
Rod Grimes - KD7CAX @ CN85sl - (RWG25)               rgrimes@gndrsh.dnsmgr.net
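
The four-way branch from the message above, generalized to any list of interfaces, as an added example that is not part of the original mail. The block size of 5000, the shared tail at 65000 with a deny policy, the closing skipto at the end of each block (so unmatched packets do not fall through into the next block's rules) and the dry-run default are all assumptions of this sketch.

```shell
#!/bin/sh
# Added example: emit a per-interface, per-direction skipto dispatch table.
# Assumed layout (not from the original mail): blocks of 5000 rule numbers
# starting at 10000, one shared tail policy at 65000.
IPFW="${IPFW:-echo ipfw}"   # dry run by default; set IPFW=/sbin/ipfw to apply
BASE=10000                  # first (interface, direction) block
STEP=5000                   # rule numbers reserved per block
TAIL=65000                  # shared final policy

gen_dispatch() {
    n=1000                  # dispatch rules sit at 1000, 1001, ...
    blk=$BASE
    for ifn in "$@"; do
        for dir in in out; do
            # Refuse to hand out a block that would overlap the tail.
            if [ $((blk + STEP)) -gt "$TAIL" ]; then
                echo "no rule numbers left for $dir via $ifn" >&2
                return 1
            fi
            $IPFW add "$n" skipto "$blk" all from any to any "$dir" via "$ifn"
            # Last number of the block: leave it explicitly instead of
            # falling through into the next interface's rules.
            $IPFW add $((blk + STEP - 1)) skipto "$TAIL" all from any to any
            n=$((n + 1))
            blk=$((blk + STEP))
        done
    done
    # Packets on an interface not listed above must not enter the first block.
    $IPFW add "$n" skipto "$TAIL" all from any to any
    # Assumed tail policy: drop whatever no block accepted.
    $IPFW add "$TAIL" deny all from any to any
}

# Prints the ten commands for the de0/de1 layout used in the mail.
gen_dispatch de0 de1
```

Per-interface rules then go between each block's first number and its closing skipto, for example 10001 to 14998 for inbound de0.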