Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 18 Sep 2013 16:27:07 +0200
From:      Luigi Rizzo <rizzo@iet.unipi.it>
To:        Ian Smith <smithi@nimnet.asn.au>
Cc:        h bagade <bagadeh@gmail.com>, "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject:   Re: impact of disabling firewall on performance?
Message-ID:  <CA%2BhQ2%2BhHuzdH4QmWS83WannZ8c=Ao5Sz%2Bm-EiL9uxkhPE%2BhHZQ@mail.gmail.com>
In-Reply-To: <20130918235331.R1460@sola.nimnet.asn.au>
References:  <CAARSjE07M92tFmQkXPbN4_5b_eXseiYekZHkL=0b6UOK-qtixA@mail.gmail.com> <20130918175406.B1460@sola.nimnet.asn.au> <CA%2BhQ2%2Bh-2eEDHwAgBeO04yWn4SvcspOfujrZ1qBVPiN8syP90A@mail.gmail.com> <20130918235331.R1460@sola.nimnet.asn.au>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, Sep 18, 2013 at 4:19 PM, Ian Smith <smithi@nimnet.asn.au> wrote:

> On Wed, 18 Sep 2013 11:18:38 +0200, Luigi Rizzo wrote:
>
>  > unloading or disabling the firewall with a sysctl is likely
>  > exactly the same in terms of performance -- it's just
>  > something like
>  >
>  >     if (firewall_loaded || firewall_enabled) {
>  >          invoke_firewall(...);
>  >     }
>
>

> Not && ?
>

you are correct. thanks for the spanking, too :)

(i sent the email at 4am and i will be surprised
if this is the only mistake in my message...

cheers
luigi


>
> Either way, unloading the module/s couldn't gain any performance.
>
>  > However, executing the firewall with a single pass rule consumes
>  > some significant amount of time, see
>  > http://info.iet.unipi.it/~luigi/papers/20091201-dummynet.pdf
>  > (those numbers are from 2009 and i measured about 400ns;
>  > recent measurements with ipfw-over-netmap on a fast i7
>  > give about 100ns per packet).
>  >
>  > This is definitely measurable.
>
> Thanks for the spanking, and a second browsing of Dummynet Revisited.
>
> cheers, Ian
>



-- 
-----------------------------------------+-------------------------------
 Prof. Luigi RIZZO, rizzo@iet.unipi.it  . Dip. di Ing. dell'Informazione
 http://www.iet.unipi.it/~luigi/        . Universita` di Pisa
 TEL      +39-050-2211611               . via Diotisalvi 2
 Mobile   +39-338-6809875               . 56122 PISA (Italy)
-----------------------------------------+-------------------------------

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BhQ2%2BhHuzdH4QmWS83WannZ8c=Ao5Sz%2Bm-EiL9uxkhPE%2BhHZQ>