From owner-freebsd-net@FreeBSD.ORG Tue Dec 23 16:14:33 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 351A16A3 for ; Tue, 23 Dec 2014 16:14:33 +0000 (UTC) Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "vps1.elischer.org", Issuer "CA Cert Signing Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 07E0064E31 for ; Tue, 23 Dec 2014 16:14:32 +0000 (UTC) Received: from jre-mbp.elischer.org (ppp121-45-252-117.lns20.per2.internode.on.net [121.45.252.117]) (authenticated bits=0) by vps1.elischer.org (8.14.9/8.14.9) with ESMTP id sBNGENJc041552 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Tue, 23 Dec 2014 08:14:25 -0800 (PST) (envelope-from julian@freebsd.org) Message-ID: <549994D9.1050503@freebsd.org> Date: Wed, 24 Dec 2014 00:14:17 +0800 From: Julian Elischer User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.3.0 MIME-Version: 1.0 To: info@aknet.kg, freebsd-net@freebsd.org Subject: Re: Netmap-ipfw, how to fill a table by 15K entries ? References: <20141223130201.83220.333300601.swift@crm.aknet.kg> <54997C9F.7@grosbein.net> <63ee7a61354bdbe2e588496eb3af384e@aknet.kg> In-Reply-To: <63ee7a61354bdbe2e588496eb3af384e@aknet.kg> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2014 16:14:33 -0000 On 12/23/14 11:32 PM, info@aknet.kg wrote: > Eugene, > sure, first we tried was a method with file. > But after first 2-3 rules (table 10 add xxx.xxx.xxx.xxx) it hangs > and we loose console interaction. > (the last FreeBSD-Stable 10.1) > > It needs to open new console and kill a process ./ipfw > /usr/local/.../rules.txt > > And ./ipfw table 10 list shows only 2-3 new rules from any (20 or > 15K in file) > > May be this case (placing many enties into tables) was not tested by > developers? I haven't used the file, but I have piped the commands into ipfw.. myscript | ipfw /dev/stdin where "myscript" outputs all the commands derived from my configuration. (actually myscript was a python program when I worked for cisco) > > Azamat > > Eugene Grosbein писал 2014-12-23 20:30: >> On 23.12.2014 20:02, IT Department, AkNet ISP wrote: >>> Hello to All >>> >>> Can anybody tell, how to fill a table with large number of entries ? >>> >>> Sure, It can be done by standard method by ./ipfw table 10 add >>> xxx.xxx.xxx.xxx in a script, but each entry takes couple of >>> seconds to >>> be placed into a table: >>> >>> ./ipfw table 10 add 192.168.10.50 >>> connected to 127.0.0.1:5555 >>> >>> And takes many hours to do all job. >>> >>> May be there is a way to open a socket and place a bulk commands, for >>> example: >>> telnet localhost 5555 >>> table 10 add xxx.xxx.xxx.xxx >>> >>> But it doesn't work as written above. >>> >>> May be Senior Luigi can explane how to do such work as fast as it >>> done by ordinary ipfw ? >> >> /sbin/ipfw can take full pathname of text file containing list of >> commands like: >> >> table 10 add x.x.x.x >> table 10 add x.x.x.y >> ... >> >> So, it parses them all and executes at once. Read man ipfw, section: >> LIST OF RULES AND PREPROCESSING >> >> Eugene Grosbein >> >> >> >> _______________________________________________ >> freebsd-net@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-net >> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > >