On Wednesday 25 March 2009 00:13:55 Deomid Ryabkov wrote:
> i have a machine with nc running through it.
> with pf disabled, i see 960-970 mbit/s through it (as reported by systat
> -ifstat).
> just having pf enabled, with empty ruleset:
>
> # pfctl -vs nat
> # pfctl -vs rules
> #
>
> reduces throughput to about 700 mbit.
> this seems wrong. any ideas why this might be happening?

You have to search the (empty) ruleset for the (implicit) default "pass all" 
rule.  This is somewhat expensive.  Then there is the pf mutex (quite 
expensive) and the pfil rm_lock (not so much).  In addition the pf mutex is a 
single, global lock and thus reduces the opportunity for parallelism.

> OS: 8.0-CURRENT #0: Fri Feb 27 04:20:49 MSK 2009
>
> thanks.

-- 
/"\  Best regards,                      | [email protected]
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mla...@efnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"
