From owner-freebsd-ipfw@FreeBSD.ORG  Thu Aug 24 12:32:07 2006
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id F3E2A16A4DE
	for <freebsd-ipfw@freebsd.org>; Thu, 24 Aug 2006 12:32:06 +0000 (UTC)
	(envelope-from if@hetzner.co.za)
Received: from hetzner.co.za (office.cpt2.your-server.co.za [196.7.147.230])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7E19643D4C
	for <freebsd-ipfw@freebsd.org>; Thu, 24 Aug 2006 12:32:05 +0000 (GMT)
	(envelope-from if@hetzner.co.za)
Received: from localhost ([127.0.0.1] helo=ian.hetzner.africa)
	by hetzner.co.za with esmtp (Exim 4.62 (FreeBSD))
	(envelope-from <if@hetzner.co.za>)
	id 1GGENQ-0008mi-2A; Thu, 24 Aug 2006 14:32:04 +0200
To: Luigi Rizzo <rizzo@icir.org>, freebsd-ipfw@freebsd.org
From: Ian FREISLICH <if@hetzner.co.za>
In-Reply-To: Message from Ian FREISLICH <if@hetzner.co.za> 
	of "Tue, 15 Aug 2006 15:21:32 +0200." <E1GCyrM-000MtP-W7@hetzner.co.za> 
X-Attribution: BOFH
Date: Thu, 24 Aug 2006 14:32:04 +0200
Message-Id: <E1GGENQ-0008mi-2A@hetzner.co.za>
Cc: 
Subject: Re: ipfw performance and random musings. 
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Aug 2006 12:32:07 -0000

Ian FREISLICH wrote:
> Luigi Rizzo wrote:
> > On Wed, Aug 02, 2006 at 01:42:51PM +0200, Ian FREISLICH wrote:
> > > You're thinking somewhere on the lines of:
> > > 
> > > skipto base hash-if <name pattern> from <number> to <number> delta <delta
> [offset <number>]

This is the syntax I've pretty much settled upon:

skipto 1000 ip from any to any ifhash vlan[1000-1264] offset -1000 delta 100

Which for matching interfaces calculates the skipto target as:

    1000 + (iface# + offset) * delta

If you're happy with this format, I'll update the ipfw manual page
and submit a patch for review and commit.

I'm now getting ~440kpps forwarded at about 35% interrupt CPU utilisation.

I'm going to have a bash at giving ifconfig a new option so that
packets can be injected into the firewall at the right point.  I
have something like the following in mind:

ifconfig em1 ipfw_rule 1000

foo% ifconfig em1
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        inet 10.0.1.1 netmask 0xffffff00 broadcast 10.0.1.255
        ether 00:04:23:ce:ca:a0
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
        ipfw_rule: 1000

I expect this to reduce interrupt CPU overhead to about 8% at ~440kpps.

Ian

--
Ian Freislich