From owner-freebsd-net@FreeBSD.ORG Tue Dec 23 17:09:27 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id ECFC914D for ; Tue, 23 Dec 2014 17:09:26 +0000 (UTC) Received: from mx.aknet.kg (mx.aknet.kg [212.112.96.8]) by mx1.freebsd.org (Postfix) with ESMTP id 4AAAE1F9F for ; Tue, 23 Dec 2014 17:09:26 +0000 (UTC) Received: from mx.aknet.kg (localhost.aknet.kg [127.0.0.1]) by mx.aknet.kg (Postfix) with ESMTP id 45A2C1CCF7 for ; Tue, 23 Dec 2014 23:09:25 +0600 (KGT) Received: (from nobody@localhost) by mx.aknet.kg (8.13.8/8.13.8/Submit) id sBNH9Pai029139; Tue, 23 Dec 2014 23:09:25 +0600 (KGT) (envelope-from info@aknet.kg) X-Authentication-Warning: mx.aknet.kg: nobody set sender to info@aknet.kg using -f To: Subject: Re: Netmap-ipfw, how to fill a table by 15K entries =?UTF-8?Q?=20=3F?= X-PHP-Originating-Script: 501:main.inc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Tue, 23 Dec 2014 23:09:25 +0600 From: info@aknet.kg In-Reply-To: <549994D9.1050503@freebsd.org> References: <20141223130201.83220.333300601.swift@crm.aknet.kg> <54997C9F.7@grosbein.net> <63ee7a61354bdbe2e588496eb3af384e@aknet.kg> <549994D9.1050503@freebsd.org> Message-ID: <22dc1bd1d57468c1e3ab17a75a3909d6@aknet.kg> X-Sender: info@aknet.kg User-Agent: Roundcube Webmail/0.7.2 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2014 17:09:27 -0000 Julian, I tested your method, result is negative, I see following: First Console: root@testbridge:/usr/local/netmap-ipfw/netmap-ipfw/ipfw # more tab-cont.txt | ./ipfw /dev/stdin connected to 127.0.0.1:5555 ^C Freeze. Have to interrupt by CTRL-C after 30 sec. Second Console: root@testbridge:/usr/local/netmap-ipfw/netmap-ipfw/ipfw # ./ipfw table 10 list connected to 127.0.0.1:5555 192.168.103.10/32 0 192.168.103.100/32 0 but in tab-cont.txt more tab-cont.txt | wc -l 11 table 10 add 192.168.103.10 table 10 add 192.168.103.100 table 10 add 192.168.103.101 table 10 add 192.168.103.102 table 10 add 192.168.103.103 table 10 add 192.168.103.104 table 10 add 192.168.103.105 table 10 add 192.168.103.106 table 10 add 192.168.103.107 table 10 add 192.168.103.109 table 10 add 192.168.103.11 If somebody have idea or wants to make tests - I can give ssh access to my test server :) Azamat Elischer писал 2014-12-23 22:14: > On 12/23/14 11:32 PM, info@aknet.kg wrote: >> Eugene, >> sure, first we tried was a method with file. >> But after first 2-3 rules (table 10 add xxx.xxx.xxx.xxx) it hangs >> and we loose console interaction. >> (the last FreeBSD-Stable 10.1) >> >> It needs to open new console and kill a process ./ipfw >> /usr/local/.../rules.txt >> >> And ./ipfw table 10 list shows only 2-3 new rules from any (20 or >> 15K in file) >> >> May be this case (placing many enties into tables) was not tested by >> developers? > > I haven't used the file, but I have piped the commands into ipfw.. > > myscript | ipfw /dev/stdin > > where "myscript" outputs all the commands derived from my > configuration. > (actually myscript was a python program when I worked for cisco) > >> >> Azamat >> >> Eugene Grosbein писал 2014-12-23 20:30: >>> On 23.12.2014 20:02, IT Department, AkNet ISP wrote: >>>> Hello to All >>>> >>>> Can anybody tell, how to fill a table with large number of entries >>>> ? >>>> >>>> Sure, It can be done by standard method by ./ipfw table 10 add >>>> xxx.xxx.xxx.xxx in a script, but each entry takes couple of >>>> seconds to >>>> be placed into a table: >>>> >>>> ./ipfw table 10 add 192.168.10.50 >>>> connected to 127.0.0.1:5555 >>>> >>>> And takes many hours to do all job. >>>> >>>> May be there is a way to open a socket and place a bulk commands, >>>> for >>>> example: >>>> telnet localhost 5555 >>>> table 10 add xxx.xxx.xxx.xxx >>>> >>>> But it doesn't work as written above. >>>> >>>> May be Senior Luigi can explane how to do such work as fast as it >>>> done by ordinary ipfw ? >>> >>> /sbin/ipfw can take full pathname of text file containing list of >>> commands like: >>> >>> table 10 add x.x.x.x >>> table 10 add x.x.x.y >>> ... >>> >>> So, it parses them all and executes at once. Read man ipfw, >>> section: >>> LIST OF RULES AND PREPROCESSING >>> >>> Eugene Grosbein >>> >>> >>> >>> _______________________________________________ >>> freebsd-net@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-net >>> To unsubscribe, send any mail to >>> "freebsd-net-unsubscribe@freebsd.org" >> >> _______________________________________________ >> freebsd-net@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-net >> To unsubscribe, send any mail to >> "freebsd-net-unsubscribe@freebsd.org" >> >> >> > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to > "freebsd-net-unsubscribe@freebsd.org"