From owner-freebsd-net@FreeBSD.ORG Tue Aug 8 16:24:31 2006 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E747B16A4E1; Tue, 8 Aug 2006 16:24:31 +0000 (UTC) (envelope-from rizzo@icir.org) Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6AE2C43D5C; Tue, 8 Aug 2006 16:24:31 +0000 (GMT) (envelope-from rizzo@icir.org) Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.11/8.12.11) with ESMTP id k78GORns025575; Tue, 8 Aug 2006 09:24:27 -0700 (PDT) (envelope-from rizzo@xorpc.icir.org) Received: (from rizzo@localhost) by xorpc.icir.org (8.12.11/8.12.3/Submit) id k78GOQXN025574; Tue, 8 Aug 2006 09:24:26 -0700 (PDT) (envelope-from rizzo) Date: Tue, 8 Aug 2006 09:24:26 -0700 From: Luigi Rizzo To: Julian Elischer Message-ID: <20060808092426.B24892@xorpc.icir.org> References: <200608051358.k75DwpYr070713@repoman.freebsd.org> <20060807092251.GS96644@FreeBSD.org> <44D774E9.4010309@elischer.org> <44D80E8D.7010709@yandex.ru> <44D823E6.1000900@elischer.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <44D823E6.1000900@elischer.org>; from julian@elischer.org on Mon, Aug 07, 2006 at 10:40:54PM -0700 Cc: Stefan Farfeleder , "Andrey V. Elsukov" , net@freebsd.org Subject: Re: cvs commit: src/sbin/ipfw ipfw2.c X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Aug 2006 16:24:32 -0000 On Mon, Aug 07, 2006 at 10:40:54PM -0700, Julian Elischer wrote: > Andrey V. Elsukov wrote: > > > Julian Elischer wrote: > > > >> great.. I have been in ipfw(2) the last week and have some sugestions > >> for > >> increasing its efficiency.. especially the code that times out > >> dynamic rules. > > > > Can you explain your suggestions in detail? > > > I sent the following to luigi: > I repeat it here.. > > ------------ start comment to Luigi -------------- > > I haven't coded it yet but we run with maybe 50,000 dynamic rules at a > time. (hopefully a lot more, maybe 200,000 in the near future) > We need to simplify the code that times out the rules so that it doesn't > have to > scan through ALL the dynamic rules every clocktick. agreed. On the other hand, i think that a simpler solution could be used. Consider that the granularity of keepalives and expire can be much coarser than 1 tick - basically there are no adverse side effects if you round it up to 500-1000ms. So i'd just keep everything as it is now, except that at every call ipfw_tick() will only scan curr_dyn_buckets/HZ lists. This should reduce the load by 2-3 orders of magnitude and is trivial to implement. cheers luigi > Basically I was thinking of implementing a timing wheel representing > the next "600" seconds or so. > (600 slots). "now" moves around the wheel. > (The size of the wheel is the size of the largest lifetime value.) > (maybe with a backup wheel at 600 seconds per slot or something) > > Each dynamic entry has an extra linkage to allow it to be linked > onto the appropriate slot. whenever you use an entry you take it out > of where-ever it is and put it into it's new slot X seconds into the > future. > > At each tick you take all the entries that have reached "now" > and do whatever needs t be done on only those entries. > thus at each tick you only have a small amount of work to > do instead fo looking at all 50,000 entries. > > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"