On Friday 30 March 2007 17:40, Julian Elischer wrote: > I have been looking at the IPFW code recently, especially > with respect to locking. > There are some things that could be done to improve IPFW's > behaviour when processing packets, but some of these take a > toll (there is always a toll) on the 'updating' side of things. >
Hi , would you mind to explain your way of "add a toll", do you mean kind of price for a benefit or something like that? Sorry I am not native american english speaker. If I understand this right I would say that it does not matter for adding rules, what is of interest is processing time when they exist already > Is there anyone out there who is adding hundreds (or even dozens) of rules > per second on a continuous basis, or who wants rule changing to > be a really efficient operation? even if ... I have a system which takes additional custom parms from rc.conf. so lets say the admin configures a new IP or port he executes a script which flushes the old and executes the new rules it doesn't matter the time it takes to execute the new rules - what certainly depends on machine capacities - what matters at the end is how fast the machine can process the rules at run-time ... whatever it is .. as long as it is faster ... not building the rule set but running them under load > (does it matter to you if it takes a few milliSecs to add a rule?) absolutely NOT João A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura. Service fornecido pelo Datacenter Matik https://datacenter.matik.com.br _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
