From owner-freebsd-pf@FreeBSD.ORG Wed May 15 17:06:55 2013 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 9923FF46 for ; Wed, 15 May 2013 17:06:55 +0000 (UTC) (envelope-from ermal.luci@gmail.com) Received: from mail-qe0-f54.google.com (mail-qe0-f54.google.com [209.85.128.54]) by mx1.freebsd.org (Postfix) with ESMTP id 5F9F5D70 for ; Wed, 15 May 2013 17:06:55 +0000 (UTC) Received: by mail-qe0-f54.google.com with SMTP id q19so1373224qeb.41 for ; Wed, 15 May 2013 10:06:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=963AcLCowXCKcP2NPva5i7opVXpcSE8Q1w3PTN06PIY=; b=dQEiwQbXn7o64Yp+lhCZYiov2KjH1Q65zUaYicNpBfKRpyP0s1zijc2d4kpcCHgSHG juWrd4SaLkmex69gV+HIJhItPmNzz1nn4ZlhEazLawo6UTYfwj4uvg75ZDyyHAdmTLR2 ZNPagO4BqbOcSJZG+MjlDiQPptmqPR+KHLLAAeNkd4/y/2njDIAYkHgEomXFiOlPsvg1 llelHCRCaf0twjlMeev7BnM6KQwDCovp0osLL00N4CP9tRrDV2jJb59UoX5+b6aYwNzP Zs8Yg6LiL15iYl50bhfN9GORMdnTgYwRtPvu+Sdz7t0A7QWIJDFieOO5hbKNAZJRkIqc ivCA== MIME-Version: 1.0 X-Received: by 10.229.62.194 with SMTP id y2mr12052572qch.23.1368637614532; Wed, 15 May 2013 10:06:54 -0700 (PDT) Sender: ermal.luci@gmail.com Received: by 10.49.47.52 with HTTP; Wed, 15 May 2013 10:06:54 -0700 (PDT) In-Reply-To: References: Date: Wed, 15 May 2013 13:06:54 -0400 X-Google-Sender-Auth: ozp7--_vExCWC4G3tX-qWcLu3WM Message-ID: Subject: Re: Reloading anchors with many streams From: =?ISO-8859-1?Q?Ermal_Lu=E7i?= To: Manoj Ganesan Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: "freebsd-pf@freebsd.org" X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 May 2013 17:06:55 -0000 On Wed, May 15, 2013 at 11:31 AM, Manoj Ganesan wrote: > Hey everyone, > > I'm just beginning to use FreeBSD + PF, for a use-case of multiple (1000s > of) UDP streams, each attached via an anchor. When I unload/flush one of > these anchors (say I tear down a stream), does it affect the other streams > enough to create jitter? In general, does reloading or manipulating an > anchor cause the other connections to be affected negatively? > > Well you will affect the streams since you have to grab the ruleset lock for it to add and remove rules. Anchors need to be setup as well during the same process so, yes, you will pause the other streams. > Also, design-wise is this an okay approach, where I have to > bring-up/tear-down streams on the fly, and I use anchors for the purpose? By design that's correct, though if you can control the way you add the rules you can just avoid the anchors and just add straight rules. > Thanks, > Manoj > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > -- Ermal