Date: Fri, 17 Oct 2008 19:56:00 +0300 From: Anatoliy <e9@homei.net.ua> To: Julian Elischer <julian@elischer.org> Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw rules optimitsing Message-ID: <48F8C3A0.1000906@homei.net.ua> In-Reply-To: <48F8743B.8050605@elischer.org> References: <20081016212110.T4254@sola.nimnet.asn.au> <20081017045034.A4254@sola.nimnet.asn.au> <48F83739.2090800@homei.net.ua> <48F8743B.8050605@elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Julian Elischer пишет: > Anatoliy wrote: >> Greetings to all. >> >> I have a problem to optimise ipfw rules. >> When I have started to search for the decision there were some questions >> How it is possible to find out how many >> loading gives this or that rule or all corrected as a whole. >> Prompt as it better to make in practice? >> As it would be desirable to learn as dynamic pipes the quantity >> influences productivity, >> how many calculations in a second occur thus etc. >> if what or sysctl displaying expressly or by implication it is >> variables the information? >> >> thnx, an sorry for bad English. >> _______________________________________________ >> freebsd-ipfw@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw >> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > > This sounds like something that would be a useful project.. > (to profile ipfw) > > you could try kernel bb profiling if it still works or you could try > other ways to work it out.. where i can read about this "bb profiling"? > > So far we do not have this information so if you do it we would be > very interested. at now i use a simple sh script but in not all whot i need ... ------ Script ------ [ ~/util]# cat ipfw_load.sh printf "IPFW match/s\t act/s\t d_steps\t d_searches\t PFnat searches match\t\t CPU sys intrpt idle \n" n=0; while : do ipfw -T sho |awk '{print $4}'|sort -rn >/tmp/ipfw_timest # geting time stamps TS_FW_MAX=`head -1 /tmp/ipfw_timest` # getting last time stamp FW_ACT=`cat /tmp/ipfw_timest|grep ${TS_FW_MAX}|grep -c ""` # couning activ rules val1_rs=$((`ipfw sho |awk '{print $2"+"}'`0)) # how match pacets val1_dnet_stps=`sysctl -n net.inet.ip.dummynet.search_steps` # how match searches steps val1_snet_searchs=`sysctl -n net.inet.ip.dummynet.searches` # how match searches sleep 1 val2_rs=$((`ipfw sho |awk '{print $2"+"}'`0)) # after 1s how match pacets val2_dnet_stps=`sysctl -n net.inet.ip.dummynet.search_steps` # after 1s how match searches steps val2_snet_searchs=`sysctl -n net.inet.ip.dummynet.searches` # after 1s how match searches MPS=$(($val2_rs-$val1_rs)) # pps DSTPSPS=$(($val2_dnet_stps-$val1_dnet_stps)) # dummynet searches steps per sec DSRCHSPS=$(($val2_snet_searchs-$val1_snet_searchs)) # dummynet searches per sec CPU_LD=`iostat -c 2 -t proc |tail +4|awk '{print $5" "$6" "$7}'` # cpu load PFNAT=`pfctl -si|grep -wE "(searches)|(match)"|sed s:\/s::|awk '{print $3}'|tr \\\n " "` if [ $n -eq 10 ]; then n=0 printf "\n IPFW match/s\t act/s\t d_steps\t d_searches\t PFnat searches match\t\t CPU sys intrpt idle \n" fi printf "${MPS}\t\t ${FW_ACT}\t ${DSTPSPS}\t\t ${DSRCHSPS}\t\t ${PFNAT}\t ${CPU_LD} \n" n=$(($n+1)) done
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48F8C3A0.1000906>