On Wed, Feb 04, 2004 at 11:32:59AM +0100, Ed White wrote: > I would like to know what tools were used to test PF behaviour correctness, to > improve performance, to find bottle necks and to check its security.
The kernel profiler does an excellent job at finding bottlenecks, see kgmon(8), gprof(1) and config(8). As for correctness, the parser part has nice regress tests in /usr/src/regress/sbin/pfctl (make regress) and for the kernel you'll have to use the pentesting tools of your choice. Some of them might produce misleading reports, make sure you properly investigate (tcpdump on interfaces to see if something actually gets through) before reporting. Daniel
