Date: Fri, 21 Jun 2013 14:13:38 +0400 From: Gleb Smirnoff <glebius@FreeBSD.org> To: Ermal Lu?i <eri@freebsd.org> Cc: svn-src-projects@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r251993 - in projects/pf/head/sys: net netpfil/pf Message-ID: <20130621101338.GV1214@FreeBSD.org> In-Reply-To: <CAPBZQG3FUqFrTLz9c3TtVsAdcsNCZLL2Nmq1B7AGgCmdF%2B-PRQ@mail.gmail.com> References: <201306191337.r5JDbU3c028003@svn.freebsd.org> <CAPBZQG3p5MtjJPcQv28GdfGZBLL7kXCnaX=H1D3ZNQEXYQUUWg@mail.gmail.com> <20130621065232.GT1214@FreeBSD.org> <CAPBZQG22cX3FMcdZGXP81sqQGehyptYCBwmGfpFyVvcTe9L2bg@mail.gmail.com> <20130621072857.GU1214@FreeBSD.org> <CAPBZQG3FUqFrTLz9c3TtVsAdcsNCZLL2Nmq1B7AGgCmdF%2B-PRQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jun 21, 2013 at 10:47:44AM +0200, Ermal Lu?i wrote: E> Yeah but what makes it so hard to be runtime configurable! E> Its just a hash mask no? It is possible, but hard. You need to copy from old hash to new hash, which can take long time. Blocking entire pf for this procedure isn't a feasible option. Thus, you need to do that in parallel with packet processing, and packet processing shouldn't encounter state mismatches, so it should look into both hashes: the old one and the new one. And in perfect case this shouldn't add overhead on a normal processing. E> dummynet already does runtime chaning as an example of components using E> hash and runtime configurable. Dummynet is very different. -- Totus tuus, Glebius.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130621101338.GV1214>