Date: Tue, 8 Aug 2006 09:24:26 -0700 From: Luigi Rizzo <rizzo@icir.org> To: Julian Elischer <julian@elischer.org> Cc: Stefan Farfeleder <stefanf@freebsd.org>, "Andrey V. Elsukov" <bu7cher@yandex.ru>, net@freebsd.org Subject: Re: cvs commit: src/sbin/ipfw ipfw2.c Message-ID: <20060808092426.B24892@xorpc.icir.org> In-Reply-To: <44D823E6.1000900@elischer.org>; from julian@elischer.org on Mon, Aug 07, 2006 at 10:40:54PM -0700 References: <200608051358.k75DwpYr070713@repoman.freebsd.org> <20060807092251.GS96644@FreeBSD.org> <44D774E9.4010309@elischer.org> <44D80E8D.7010709@yandex.ru> <44D823E6.1000900@elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Aug 07, 2006 at 10:40:54PM -0700, Julian Elischer wrote: > Andrey V. Elsukov wrote: > > > Julian Elischer wrote: > > > >> great.. I have been in ipfw(2) the last week and have some sugestions > >> for > >> increasing its efficiency.. especially the code that times out > >> dynamic rules. > > > > Can you explain your suggestions in detail? > > > I sent the following to luigi: > I repeat it here.. > > ------------ start comment to Luigi -------------- > > I haven't coded it yet but we run with maybe 50,000 dynamic rules at a > time. (hopefully a lot more, maybe 200,000 in the near future) > We need to simplify the code that times out the rules so that it doesn't > have to > scan through ALL the dynamic rules every clocktick. agreed. On the other hand, i think that a simpler solution could be used. Consider that the granularity of keepalives and expire can be much coarser than 1 tick - basically there are no adverse side effects if you round it up to 500-1000ms. So i'd just keep everything as it is now, except that at every call ipfw_tick() will only scan curr_dyn_buckets/HZ lists. This should reduce the load by 2-3 orders of magnitude and is trivial to implement. cheers luigi > Basically I was thinking of implementing a timing wheel representing > the next "600" seconds or so. > (600 slots). "now" moves around the wheel. > (The size of the wheel is the size of the largest lifetime value.) > (maybe with a backup wheel at 600 seconds per slot or something) > > Each dynamic entry has an extra linkage to allow it to be linked > onto the appropriate slot. whenever you use an entry you take it out > of where-ever it is and put it into it's new slot X seconds into the > future. > > At each tick you take all the entries that have reached "now" > and do whatever needs t be done on only those entries. > thus at each tick you only have a small amount of work to > do instead fo looking at all 50,000 entries. > > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060808092426.B24892>