From owner-freebsd-ipfw@FreeBSD.ORG  Fri Apr 24 17:11:12 2009
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 633C2106566C
	for <freebsd-ipfw@freebsd.org>; Fri, 24 Apr 2009 17:11:12 +0000 (UTC)
	(envelope-from smithi@nimnet.asn.au)
Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [220.233.188.227])
	by mx1.freebsd.org (Postfix) with ESMTP id 118E88FC1E
	for <freebsd-ipfw@freebsd.org>; Fri, 24 Apr 2009 17:11:10 +0000 (UTC)
	(envelope-from smithi@nimnet.asn.au)
Received: from localhost (localhost [127.0.0.1])
	by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id n3OH0Bpc070463;
	Sat, 25 Apr 2009 03:00:12 +1000 (EST)
	(envelope-from smithi@nimnet.asn.au)
Date: Sat, 25 Apr 2009 03:00:11 +1000 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: =?ISO-8859-1?Q?Daniel_Dias_Gon=E7alves?= <ddg@yan.com.br>
In-Reply-To: <49F1D992.9000001@yan.com.br>
Message-ID: <20090425024635.O89549@sola.nimnet.asn.au>
References: <49F06985.1000303@yan.com.br> <49F08071.1070905@ibctech.ca>
	<49F1D992.9000001@yan.com.br>
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="0-1854651572-1240592411=:89549"
Cc: freebsd-ipfw@freebsd.org, Steve Bertrand <steve@ibctech.ca>
Subject: Re: IPFW MAX RULES COUNT PERFORMANCE
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Apr 2009 17:11:12 -0000

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--0-1854651572-1240592411=:89549
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8BIT

On Fri, 24 Apr 2009, Daniel Dias Gonçalves wrote:

 > The latency in the interface em6 increased an average of 10ms to 200 ~ 300ms
 > Hardware:
 > CPU: Intel(R) Xeon(TM) CPU 3.20GHz (3200.13-MHz 686-class CPU)
 >  Logical CPUs per core: 2
 > FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
 > cpu0: <ACPI CPU> on acpi0
 > p4tcc0: <CPU Frequency Thermal Control> on cpu0
 > cpu1: <ACPI CPU> on acpi0
 > p4tcc1: <CPU Frequency Thermal Control> on cpu1
 > cpu2: <ACPI CPU> on acpi0
 > p4tcc2: <CPU Frequency Thermal Control> on cpu2
 > cpu3: <ACPI CPU> on acpi0
 > p4tcc3: <CPU Frequency Thermal Control> on cpu3
 > SMP: AP CPU #1 Launched!
 > SMP: AP CPU #3 Launched!
 > SMP: AP CPU #2 Launched!
 > 
 > real memory  = 9663676416 (9216 MB)
 > avail memory = 8396738560 (8007 MB)

In that case, there really is something else wrong.  By my measurements, 
rummaging through most of >1000 rules on a old 166MHz Pentium to get to 
the icmp allow rules (ridiculous, I know) added about 2ms to local net 
pings via that box, ie 1ms each pass for about 900 rules, mostly counts.

cheers, Ian
--0-1854651572-1240592411=:89549--