Date: Fri, 30 Mar 2007 16:52:38 -0700 From: Julian Elischer <julian@elischer.org> To: AT Matik <asstec@matik.com.br> Cc: freebsd-ipfw@freebsd.org Subject: Re: IPFW update frequency Message-ID: <460DA2C6.7060205@elischer.org> In-Reply-To: <200703301950.01501.asstec@matik.com.br> References: <460D75CE.70804@elischer.org> <200703301950.01501.asstec@matik.com.br>
next in thread | previous in thread | raw e-mail | index | archive | help
AT Matik wrote: > On Friday 30 March 2007 17:40, Julian Elischer wrote: >> I have been looking at the IPFW code recently, especially >> with respect to locking. >> There are some things that could be done to improve IPFW's >> behaviour when processing packets, but some of these take a >> toll (there is always a toll) on the 'updating' side of things. >> > > Hi , > would you mind to explain your way of "add a toll", do you mean kind of price > for a benefit or something like that? Sorry I am not native american english > speaker. a toll is a cost. so, yes (toll is not just American English) > > If I understand this right I would say that it does not matter for adding > rules, what is of interest is processing time when they exist already exactly.. > >> Is there anyone out there who is adding hundreds (or even dozens) of rules >> per second on a continuous basis, or who wants rule changing to >> be a really efficient operation? > > even if ... > I have a system which takes additional custom parms from rc.conf. > so lets say the admin configures a new IP or port he executes a script which > flushes the old and executes the new rules > > it doesn't matter the time it takes to execute the new rules - what certainly > depends on machine capacities - what matters at the end is how fast the > machine can process the rules at run-time ... whatever it is .. as long as it > is faster ... not building the rule set but running them under load > >> (does it matter to you if it takes a few milliSecs to add a rule?) > > absolutely NOT thankyou > > > Joćo > > > > > > > > A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura. > Service fornecido pelo Datacenter Matik https://datacenter.matik.com.br > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?460DA2C6.7060205>