From owner-freebsd-hackers Sun Apr 6 01:27:38 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id BAA05289 for hackers-outgoing; Sun, 6 Apr 1997 01:27:38 -0800 (PST) Received: from cheops.anu.edu.au (avalon@cheops.anu.edu.au [150.203.76.24]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id BAA05276 for ; Sun, 6 Apr 1997 01:27:34 -0800 (PST) Message-Id: <199704060927.BAA05276@freefall.freebsd.org> Received: by cheops.anu.edu.au (1.37.109.16/16.2) id AA234118502; Sun, 6 Apr 1997 19:21:42 +1000 From: Darren Reed Subject: Re: ipfilter To: proff@suburbia.net Date: Sun, 6 Apr 1997 19:21:41 +1000 (EST) Cc: hackers@freebsd.org In-Reply-To: <19970405104422.22327.qmail@suburbia.net> from "proff@suburbia.net" at Apr 5, 97 08:44:22 pm X-Mailer: ELM [version 2.4 PL23] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk If things get changed too much, I've got no chance in hell of trying to maintain ipfilter in -current. It's hard enough trying to track all the crazy changes that get made in NetBSD/FreeBSD these days without this adding to it. In some mail from proff@suburbia.net, sie said: > I have almost completed my ipfilter-current integration. If anyone > has any outstanding code can they please send it to me. > > ps. darren: I'm considering breaking out nearly all of your #includes into > seven different files: > > conf.h > dns.h > netkern.h > kernel.h > types.h > netinet.h > user.h > > At the moment the are a mess and not easily maintainable > across platforms. The changes in FreeBSD's include files don't > help, but ipfilter should be able to adapt more easily to > such conflicts. > > I still haven't nailed the mbuf leak in the tcp-state > following code. I've stopped the various panics that occur > when pass returns strange values, nonetheless ipf was happy > to eat over a 1000k in data mbuf's with only a few dozen > concurrently active connections last night, and a high-water > (according to ipfstat) of 78 connections. > > e.g > > 1408/1440 mbufs in use: > 1391 mbufs allocated to data > 1 mbufs allocated to packet headers > 13 mbufs allocated to protocol control blocks > 3 mbufs allocated to socket names and addresses > 313/318 mbuf clusters in use > 816 Kbytes allocated to network (98% in use) > 0 requests for memory denied > 0 requests for memory delayed > 0 calls to protocol drain routines > > -- > Prof. Julian Assange |If you want to build a ship, don't drum up people > |together to collect wood and don't assign them tasks > proff@suburbia.net |and work, but rather teach them to long for the endless > proff@gnu.ai.mit.edu |immensity of the sea. -- Antoine de Saint Exupery >