From owner-freebsd-net@FreeBSD.ORG Tue Dec 27 10:38:27 2011
Message-ID: <4EF99AC5.4030104@my.gd>
Date: Tue, 27 Dec 2011 11:15:33 +0100
From: Damien Fleuriot
To: freebsd-net@freebsd.org
References: <1498545030.20111227015431@nitronet.pl>
In-Reply-To: <1498545030.20111227015431@nitronet.pl>
Subject: PF vs IPFW (was: Re: Firewall Profiling.)
List-Id: Networking and TCP/IP with FreeBSD

On 12/27/11 1:54 AM, Pawel Tyll wrote:
> Hi lists,
>
> Are there any profiling tools in the system or ports that would allow
> me to determine how much processing is being done per packet and how
> long does it take? I would like to predict possible PPS load for my
> system and perhaps locate and remove some bottlenecks.
>
> Is IPFW efficient enough to firewall 2x10GE (in+out) interfaces
> without much latency increase, when running on modern hardware
> with Intel NICs? Majority of processing tasks would probably be setfib
> according to matches in tables.
>
> Pawel.
>

Sorry for hijacking the thread.

Is there a reason some people use IPFW over PF? Like, performance perhaps?

Since its inclusion in the base system, I have only ever used PF and have never had major problems with it.