Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 30 Mar 2007 19:50:00 -0300
From:      AT Matik <asstec@matik.com.br>
To:        freebsd-ipfw@freebsd.org
Subject:   Re: IPFW update frequency
Message-ID:  <200703301950.01501.asstec@matik.com.br>
In-Reply-To: <460D75CE.70804@elischer.org>
References:  <460D75CE.70804@elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Friday 30 March 2007 17:40, Julian Elischer wrote:
> I have been looking at the IPFW code recently, especially
> with respect to locking.
> There are some things that could be done to improve IPFW's
> behaviour when processing packets, but some of these take a
> toll (there is always a toll) on the 'updating' side of things.
>

Hi ,=20
would you mind to explain your way of "add a toll", do you mean kind of pri=
ce=20
for a benefit or something like that? Sorry I am not native american englis=
h=20
speaker.=20

If I understand this right I would say that it does not matter for adding=20
rules, what is of interest is processing time when they exist already

> Is there anyone out there who is adding hundreds (or even dozens) of rules
> per second on a continuous basis, or who wants rule changing to
> be a really efficient operation?

even if ...
I have a system which takes additional custom parms from rc.conf.=20
so lets say the admin configures a new IP or port he executes a script whic=
h=20
flushes the old and executes the new rules

it doesn't matter the time it takes to execute the new rules - what certain=
ly=20
depends on machine capacities - what matters at the end is how fast the=20
machine can process the rules at run-time ... whatever it is .. as long as =
it=20
is faster ... not building the rule set  but running them under load

> (does it matter to you if it takes a few milliSecs to add a rule?)

absolutely NOT


Jo=E3o=20







A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura.
Service fornecido pelo Datacenter Matik  https://datacenter.matik.com.br

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200703301950.01501.asstec>