Date: Thu, 16 May 2013 06:38:06 -0500
From: Manoj Ganesan <manoj.ganesan@gmail.com>
To: Ermal Luçi <eri@freebsd.org>
Cc: "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org>
Subject: Re: Reloading anchors with many streams
Message-ID: <CAOtNLgLUbyUqp397t=JjHP7yB8C3K7tWaaFLebFdwnWZaf%2BGUg@mail.gmail.com>
In-Reply-To: <CAPBZQG06s8x=uCWorx0-J%2BKRdJdkiJKOX6rtsQifRtyd6ENUUA@mail.gmail.com>
References: <CAOtNLgLByv40PSmXsWeihckbgmaxZEEifoCDX3gmtE0pnTNVxQ@mail.gmail.com> <CAPBZQG0Zv0SCubM_TD06-cPoLxEa=b-rgvCnspUSXdpQ4g9p1A@mail.gmail.com> <CAOtNLg%2BzVKT7iiZOego1DEG9MMC6c7k9oigQ8P4N3XUAZ02Y2A@mail.gmail.com> <CAPBZQG06s8x=uCWorx0-J%2BKRdJdkiJKOX6rtsQifRtyd6ENUUA@mail.gmail.com>

On Wed, May 15, 2013 at 2:04 PM, Ermal Luçi <eri@freebsd.org> wrote:

> On Wed, May 15, 2013 at 1:28 PM, Manoj Ganesan <manoj.ganesan@gmail.com> wrote:
>
>> On Wed, May 15, 2013 at 12:06 PM, Ermal Luçi <eri@freebsd.org> wrote:
>>
>>> On Wed, May 15, 2013 at 11:31 AM, Manoj Ganesan <manoj.ganesan@gmail.com> wrote:
>>>
>>>> Hey everyone,
>>>>
>>>> I'm just beginning to use FreeBSD + PF, for a use-case of multiple
>>>> (1000s of) UDP streams, each attached via an anchor. When I
>>>> unload/flush one of these anchors (say I tear down a stream), does it
>>>> affect the other streams enough to create jitter? In general, does
>>>> reloading or manipulating an anchor cause the other connections to be
>>>> affected negatively?
>>>>
>>> Well you will affect the streams since you have to grab the ruleset lock
>>> for it to add and remove rules.
>>> Anchors need to be setup as well during the same process so, yes, you
>>> will pause the other streams.
>>>
>>>> Also, design-wise is this an okay approach, where I have to
>>>> bring-up/tear-down streams on the fly, and I use anchors for the
>>>> purpose?
>>>
>>> By design that's correct, though if you can control the way you add the
>>> rules you can just avoid the anchors and just add straight rules.
>>>
>> Actually, I wanted to add rules dynamically. My understanding was that
>> using anchors was the only way to do it. Especially, because I want a
>> handle back to that rule so that I can delete it later. Is that correct?
>>
>
> If you do not use macros on your rules or rules that end up generating
> multiple rules you can add rules yourself.
> You can add and remove them through rules id which you can look up with
> pfctl -vv.
> If you keep reference of those rules you can just add rules with the right
> number and modify(delete) those with that number.
>

Sorry if I'm misunderstanding, but do you mean there is a way in pf (using
pfctl) to add one off rules while specifying an id or label? I couldn't find
information on that on the pfctl man page. Could you please point me to that?

>>>> Thanks,
>>>> Manoj
>>>> _______________________________________________
>>>> freebsd-pf@freebsd.org mailing list
>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>>>> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
>>>>
>>>
>>> --
>>> Ermal
>>>
>>
>> Thanks!
>>
>
> --
> Ermal
>

Thanks!
Manoj