From owner-freebsd-net@FreeBSD.ORG  Thu Apr 23 13:42:17 2009
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3C6D8106564A
	for <freebsd-net@freebsd.org>; Thu, 23 Apr 2009 13:42:17 +0000 (UTC)
	(envelope-from ddg@yan.com.br)
Received: from mail.mastercabo.com.br (mail.mastercabo.com.br [189.91.0.40])
	by mx1.freebsd.org (Postfix) with SMTP id 6A4BC8FC23
	for <freebsd-net@freebsd.org>; Thu, 23 Apr 2009 13:42:15 +0000 (UTC)
	(envelope-from ddg@yan.com.br)
Received: (qmail 20574 invoked by uid 1008); 23 Apr 2009 13:15:35 -0000
X-Spam-Checker-Version: SpamAssassin 3.2.5-unknown (2008-06-10) on srvmail1
X-Spam-Level: 
X-Spam-Status: No, score=-0.4 required=4.8 tests=BAYES_00,RDNS_NONE,
	SUBJ_ALL_CAPS autolearn=no version=3.2.5-unknown
Received: from unknown (HELO ?192.168.0.169?)
	(daniel@dgnetwork.com.br@189.91.0.65)
	by mail.mastercabo.com.br with SMTP; 23 Apr 2009 13:15:35 -0000
Message-ID: <49F06985.1000303@yan.com.br>
Date: Thu, 23 Apr 2009 10:13:41 -0300
From: =?ISO-8859-1?Q?Daniel_Dias_Gon=E7alves?= <ddg@yan.com.br>
User-Agent: Thunderbird 2.0.0.21 (Windows/20090302)
MIME-Version: 1.0
To: freebsd-ipfw@freebsd.org, freebsd-net@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: 
Subject: IPFW MAX RULES COUNT PERFORMANCE
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: ddg@yan.com.br
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Apr 2009 13:42:17 -0000

Hi,

My system is a FreeBSD 7.1R.
When I add rules IPFW COUNT to 254 IPS from my network, one of my 
interfaces increases the latency, causing large delays in the network, 
when I delete COUNT rules, everything returns to normal, which can be ?

My script:

ipcount.php
-- CUT --
<?
$c=0;
$a=50100;
for($x=0;$x<=0;$x++) {
        for($y=1;$y<=254;$y++) {
                $ip = "192.168.$x.$y";
                system("/sbin/ipfw -q add $a count { tcp or udp } from 
any to $ip/32");
                system("/sbin/ipfw -q add $a count { tcp or udp } from 
$ip/32 to any");
                #system("/sbin/ipfw delete $a");
                $c++;
                $a++;
        }
}
echo "\n\nTotal: $c\n";
?>
-- CUT --

net.inet.ip.fw.dyn_keepalive: 1
net.inet.ip.fw.dyn_short_lifetime: 5
net.inet.ip.fw.dyn_udp_lifetime: 10
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.static_count: 262
net.inet.ip.fw.dyn_max: 10000
net.inet.ip.fw.dyn_count: 0
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_buckets: 10000
net.inet.ip.fw.default_rule: 65535
net.inet.ip.fw.verbose_limit: 0
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.debug: 0
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.autoinc_step: 100
net.inet.ip.fw.enable: 1
net.link.ether.ipfw: 1
net.link.bridge.ipfw: 0
net.link.bridge.ipfw_arp: 0

Thanks,

Daniel