https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282984
--- Comment #4 from Leonid Evdokimov <leon+free...@darkk.net.ru> ---

Rob, thanks for your input. I completely agree with your reasoning, but I reach a different conclusion starting with a similar idea.

"expire" also falls under the category "one has all the information and functionality", combining "show" and "delete". Moreover, it's implemented in exactly that way:
https://github.com/freebsd/freebsd-src/blob/435a5f94fbc09959c0a4e48b1e81a50fcfd45673/sbin/pfctl/pfctl_table.c#L259-L296

So, I concluded, if "expire" is eligible for pfctl as it codifies a helper for a reasonably popular policy, something like "makezero" is somewhat equally eligible. That's why I decided to submit a patch instead of making an ad-hoc for(;;){show|delete;sleep} script.

I also agree that it would be nice of the kernel to keep track of the time of the last increment of a counter to make things more real-time (and, maybe, make it CLOCK_UPTIME_FAST instead of wall-clock), but I'm not in a position to develop such a patch, as packet counters are on a critical path of network forwarding and I'm not capable of benchmarking the patch on a reasonably diverse set of hardware (L1/2/3 cache sizes might matter), as such a patch may interfere with some structures being pushed out of CPU caches and introduce a performance regression as a consequence.