Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 12 Jan 2015 19:05:54 +0300
From:      Slawa Olhovchenkov <slw@zxy.spb.ru>
To:        Gleb Smirnoff <glebius@FreeBSD.org>
Cc:        Craig Rodrigues <rodrigc@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, Nikos Vassiliadis <nvass@gmx.com>, svn-src-head@freebsd.org, "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Subject:   Re: svn commit: r276747 - head/sys/netpfil/pf
Message-ID:  <20150112160554.GA2190@zxy.spb.ru>
In-Reply-To: <20150112144136.GM15484@FreeBSD.org>
References:  <201501060903.t06934qp081875@svn.freebsd.org> <20150107204631.GG15484@FreeBSD.org> <AEFC5AEF-7700-426A-96D3-A14BF68CA9BC@lists.zabbadoz.net> <20150108003146.GL15484@FreeBSD.org> <63857483-2879-4620-87EF-FE76197AB99B@lists.zabbadoz.net> <20150112144136.GM15484@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, Jan 12, 2015 at 05:41:36PM +0300, Gleb Smirnoff wrote:

> On Thu, Jan 08, 2015 at 12:49:45AM +0000, Bjoern A. Zeeb wrote:
> B> > B> > AFAIU, from the PR there is some panic fixed. What is the actual bug
> B> > B> > and why couldn't it be fixed with having per-vnet thread?
> B> > B> 
> B> > B> You don't 30000 whatever pf purging threads on a system all running, possibly competing for some resources, e.g., locks?
> B> > 
> B> > Isn't a vnet, which is a jail, already a set of a dozen of processes? So,
> B> > if you are speaking of "30000 whatever pf purging threads", then you
> B> > already mean "1 mln whatever processes".
> B> 
> B> jail/VNETs can exist without a single process attached.
> B> 
> B> But I guess the point is that there is only so much work we can do at the same time and we should be very careful in what we try to parallellellellize as with 5 vnets it might be fine, with a couple of thousand you may keep a system busy with itself.
> 
> Let's admit that thousand of vnets all running pf is bizarre design
> and has no practical application.

Hosted firewall/NAT for ISP/Data centers.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150112160554.GA2190>