From: Darren Henderson
To: Luigi Rizzo
Date: Mon, 18 Jun 2001 21:40:11 -0400 (EDT)
Subject: Re: buckets & sysctl
In-Reply-To: <200106091127.NAA61182@info.iet.unipi.it>
Sender: owner-freebsd-ipfw@FreeBSD.ORG

Hello,

Got a chance to try the change to ipfw you mentioned in your message (see below). There are mixed results.

This does allow you to affect the number of buckets in use at boot time through /etc/sysctl.conf and everything appears to work fine. I do see a number of buckets that aren't being used but that may change as the system runs. Would expect the hash distribution to be flatter after a few hours.

However, this does not appear to allow you to change the number of buckets in use after the system is up. It may be operator error...I may not be doing the right things to cause that bit of code to be re-executed. I flush the ipfw rules and then use sysctl to write a new value and then rerun my firewall rules to load things back in there. The current bucket count remains unchanged. I don't know the code so I can't really hazard much of a guess. Could it perhaps be the default deny rule that messes things up? I would have guessed that the prohibition in the man page about resetting this while there were rules applied to the dynamic rules and not the static ones though.
Not sure when the bit of code you discussed below is executed.

At any rate it does allow one to reset the number of buckets at boot time which is certainly a step forward, thank you. I'll let you know if I observe any adverse effects over the next few days.

Now if I can figure out how to keep two dynamic rules from being created for natd' packets...

- Darren

On Sat, 9 Jun 2001, Luigi Rizzo wrote:

> >
> > I can't seem to get the number of buckets ipfw uses to increase.
>
> you are right, there is some bug in the part of code which handles
> updates to dyn_buckets.
> The actual variable used is curr_dyn_buckets, which in my intentions
> should be set to the power of 2 closest to dyn_buckets -- but as
> you can see in the code there is no place where the variable is
> actually set. This should be done in add_dyn_rule, probably something
> like this in /sys/netinet/ip_fw.c
>
> u_int32_t i = dyn_buckets ;
> while ( i > 0 && (i & 1) == 0 )
> i >>= 1 ;
> if (i != 1) /* not a power of 2 */
> dyn_buckets = curr_dyn_buckets ; /* reset */
> else {
> + curr_dyn_buckets = dyn_buckets ; /* update */
> if (ipfw_dyn_v != NULL)
> free(ipfw_dyn_v, M_IPFW);
> ipfw_dyn_v = malloc(curr_dyn_buckets * sizeof r,
>
> but i want to look at the code a bit more carefully before committing this.
> If you want to test this patch, i'd be glad to know how it works
> for you.
>
> cheers
> luigi
> -----------------------------------+-------------------------------------
> Luigi RIZZO, luigi@iet.unipi.it . Dip. di Ing. dell'Informazione
> http://www.iet.unipi.it/~luigi/ . Universita` di Pisa
> TEL/FAX: +39-050-568.533/522 . via Diotisalvi 2, 56126 PISA (Italy)
> Mobile +39-347-0373137
> -----------------------------------+-------------------------------------
>

______________________________________________________________________
Darren Henderson darren@nighttide.net
Help fight junk e-mail, visit http://www.cauce.org/
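
Review bot: The added `curr_dyn_buckets = dyn_buckets ;` at the top of the else branch commits the new bucket count before the `malloc` two lines later has produced a table of that size. The malloc call is cut off in this excerpt, so its flags and any NULL check are not visible; if the allocation can fail, `curr_dyn_buckets` would describe a table that does not exist, so I would assign it only once `ipfw_dyn_v` is known to be non-NULL. Two smaller points on the same lines: nothing visible bounds `dyn_buckets` before it is multiplied by `sizeof r`, so a sysctl write of a very large power of 2 goes straight into the allocation size, and the `if (i != 1)` branch silently puts `dyn_buckets` back to the old value instead of rounding to the closest power of 2 as the description says, which deserves a comment or a man page line.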