Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 21 Jun 2013 14:13:38 +0400
From:      Gleb Smirnoff <glebius@FreeBSD.org>
To:        Ermal Lu?i <eri@freebsd.org>
Cc:        svn-src-projects@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r251993 - in projects/pf/head/sys: net netpfil/pf
Message-ID:  <20130621101338.GV1214@FreeBSD.org>
In-Reply-To: <CAPBZQG3FUqFrTLz9c3TtVsAdcsNCZLL2Nmq1B7AGgCmdF%2B-PRQ@mail.gmail.com>
References:  <201306191337.r5JDbU3c028003@svn.freebsd.org> <CAPBZQG3p5MtjJPcQv28GdfGZBLL7kXCnaX=H1D3ZNQEXYQUUWg@mail.gmail.com> <20130621065232.GT1214@FreeBSD.org> <CAPBZQG22cX3FMcdZGXP81sqQGehyptYCBwmGfpFyVvcTe9L2bg@mail.gmail.com> <20130621072857.GU1214@FreeBSD.org> <CAPBZQG3FUqFrTLz9c3TtVsAdcsNCZLL2Nmq1B7AGgCmdF%2B-PRQ@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jun 21, 2013 at 10:47:44AM +0200, Ermal Lu?i wrote:
E> Yeah but what makes it so hard to be runtime configurable!
E> Its just a hash mask no?

It is possible, but hard. You need to copy from old hash to new
hash, which can take long time. Blocking entire pf for this
procedure isn't a feasible option. Thus, you need to do that in
parallel with packet processing, and packet processing shouldn't
encounter state mismatches, so it should look into both hashes:
the old one and the new one. And in perfect case this shouldn't
add overhead on a normal processing.

E> dummynet already does runtime chaning as an example of components using
E> hash and runtime configurable.

Dummynet is very different.

-- 
Totus tuus, Glebius.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130621101338.GV1214>