From: Ermal Luçi
To: Manoj Ganesan
Cc: "freebsd-pf@freebsd.org"
Date: Wed, 15 May 2013 15:04:43 -0400
Subject: Re: Reloading anchors with many streams

On Wed, May 15, 2013 at 1:28 PM, Manoj Ganesan wrote:

> On Wed, May 15, 2013 at 12:06 PM, Ermal Luçi wrote:
>
>> On Wed, May 15, 2013 at 11:31 AM, Manoj Ganesan wrote:
>>
>>> Hey everyone,
>>>
>>> I'm just beginning to use FreeBSD + PF, for a use-case of multiple
>>> (1000s of) UDP streams, each attached via an anchor. When I
>>> unload/flush one of these anchors (say I tear down a stream), does it
>>> affect the other streams enough to create jitter? In general, does
>>> reloading or manipulating an anchor cause the other connections to be
>>> affected negatively?
>>>
>> Well you will affect the streams since you have to grab the ruleset lock
>> for it to add and remove rules.
>> Anchors need to be setup as well during the same process so, yes, you
>> will pause the other streams.
>>
>>> Also, design-wise is this an okay approach, where I have to
>>> bring-up/tear-down streams on the fly, and I use anchors for the
>>> purpose?
>>
>> By design that's correct, though if you can control the way you add the
>> rules you can just avoid the anchors and just add straight rules.
>>
> Actually, I wanted to add rules dynamically. My understanding was that
> using anchors was the only way to do it. Especially, because I want a
> handle back to that rule so that I can delete it later. Is that correct?
>

If you do not use macros on your rules or rules that end up generating
multiple rules you can add rules yourself.
You can add and remove them through rules id which you can look up with
pfctl -vv.

If you keep reference of those rules you can just add rules with the right
number and modify (delete) those with that number.

>>> Thanks,
>>> Manoj
>>
>> --
>> Ermal
>
> Thanks!
>

--
Ermal