Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 7 Jan 2000 10:20:32 -0800 (PST)
From:      "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
To:        patrick@mindstep.com (Patrick Bihan-Faou)
Cc:        luigi@info.iet.unipi.it (Luigi Rizzo), freebsd-current@FreeBSD.ORG
Subject:   Re: ipfw optimizations
Message-ID:  <200001071820.KAA11875@gndrsh.dnsmgr.net>
In-Reply-To: <003301bf5937$90b0c340$c80aa8c0@local.mindstep.com> from Patrick Bihan-Faou at "Jan 7, 2000 12:49:37 pm"
next in thread | previous in thread | raw e-mail | index | archive | help 
[Charset iso-8859-1 unsupported, filtering to ASCII...]
> Hi Luigi,
> 
> 
> > i am looking at (minor) optimizations of the ipfw code in order to reduce
> > the running time in the common cases.
> >
> > I have a few ideas (mostly along the lines of optimizing for the
> > most commonly-used rules). An obvious candidate is the 'match all'
> > rule (all from any to any), but can people suggest other common
> > usage of rules in ipfw ?
> 
> One of the things I would do to optimize ipfw is:
> - instead of keeping one list with all the rules, split the list (the
>   internal one) by interface and by direction (one list for ed1 incoming,
>   one list for ed1 outgoing, etc.).

I often do this manually in long rule sets by using things like

ipfw add 1000 skipto 10000 from any to any via de0
ipfw add 1001 skipto 20000 from any to any via de1
...
ipfw add 10000 skipto 15000 from any to any in via de0
#process outbound on de0 rules here
ipfw add 15000 blah blah # processing inbound on de0 rules here

Do similiar things at 20000...

You can reduce the number of skipto's by using a more explicit set
of rules at 1000, such as doing full 4 way branch:
ipfw add 1000 skipto 10000 from any to any in via de0
ipfw add 1001 skipto 15000 from any to any out via de0
ipfw add 1002 skipto 20000 from any to any in via de1
ipfw add 1003 skipto 25000 from any to any out via de1

Anotherwords, don't burden the ipfw with code that can easily be done
by an intellegent user, and some more examples/documentation...

-- 
Rod Grimes - KD7CAX @ CN85sl - (RWG25)               rgrimes@gndrsh.dnsmgr.net


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001071820.KAA11875>