From owner-freebsd-pf@FreeBSD.ORG Sat Mar 9 12:15:05 2013 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 53D619D; Sat, 9 Mar 2013 12:15:05 +0000 (UTC) (envelope-from ermal.luci@gmail.com) Received: from mail-qe0-f53.google.com (mail-qe0-f53.google.com [209.85.128.53]) by mx1.freebsd.org (Postfix) with ESMTP id 06BC3D26; Sat, 9 Mar 2013 12:15:04 +0000 (UTC) Received: by mail-qe0-f53.google.com with SMTP id cz11so1542710qeb.12 for ; Sat, 09 Mar 2013 04:15:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=IF4nE86t6qj/q8ZZ8pG7hCBxHuKDGdQchvqsuaVRHYE=; b=G2dj1zF4+MwPcCmU68wZgHh3FooxhAyYhrNaCtjJtehhstrk4HXuh8wcmYH6ov2NEn +twD0AD5BCM2smDgXr9IwOC12/cYUBfLBj3poXGR6hlqKJB1a+p9uzo3h+kh6zgkZilt ah1Xfnm7u3cIVLEsUHrcDbZvLT6/1eqCgkt3KqtsXAWLj2atE2WS+ouoDEE1lGq3Onqu Begh2eyRgBrc2sUKK4F4J254DAiNePjUieRqEejcAQwmcr+DupoCJsBrBDNDQWsMhdz/ TGJ/LVDEJeJ6egMqnEhsdGIWihm76x6QkhsMdgh3jvMFlj0TkljWPLEQm4QmpWSwc/6j SMGg== MIME-Version: 1.0 X-Received: by 10.224.186.82 with SMTP id cr18mr8691238qab.64.1362831304317; Sat, 09 Mar 2013 04:15:04 -0800 (PST) Sender: ermal.luci@gmail.com Received: by 10.49.27.197 with HTTP; Sat, 9 Mar 2013 04:15:04 -0800 (PST) In-Reply-To: References: <201303081419.17743.vegeta@tuxpowered.net> <201303082151.00895.vegeta@tuxpowered.net> Date: Sat, 9 Mar 2013 13:15:04 +0100 X-Google-Sender-Auth: YuZhHC-J6WEuDQwMu0GUxbI9FRw Message-ID: Subject: Re: [patch] Source entries removing is awfully slow. From: =?ISO-8859-1?Q?Ermal_Lu=E7i?= To: Kajetan Staszkiewicz Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: "freebsd-net@freebsd.org" , "freebsd-pf@freebsd.org" X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Mar 2013 12:15:05 -0000 Also do not forget to rebuild pfctl so that statistics are shown correctly. On Sat, Mar 9, 2013 at 1:14 PM, Ermal Lu=C3=A7i wrote: > > > > On Fri, Mar 8, 2013 at 9:51 PM, Kajetan Staszkiewicz < > vegeta@tuxpowered.net> wrote: > >> Dnia pi=C4=85tek, 8 marca 2013 o 21:11:43 Ermal Lu=C3=A7i napisa=C5=82(a= ): >> > Is this FreeBSD 9.x or HEAD? >> >> I found the problem and developed the patch on 9.1. >> >> Can you please test this more 'beautiful' patch. > Its similar to yours but also delays src state removal to the proper purg= e > thread. > > Though the src node removal option through pfctl -K does a lot of job to > cleanup things > Still need to undertand why it takes so much time for you to loop through > 500K states. > The purge thread does that every tick by partitioning it to a few per tim= e > slot but still minutes is way loong. > > Can you please try to give a top -SH view of the time when this happens > and a pfctl -vvsa output? > > > >> -- >> | pozdrawiam / greetings | powered by Debian, CentOS and FreeBSD | >> | Kajetan Staszkiewicz | jabber,email: vegeta()tuxpowered net | >> | Vegeta | www: http://vegeta.tuxpowered.net | >> `------------------------^---------------------------------------' >> > > > > -- > Ermal > --=20 Ermal