On 7/16/2012 10:13 PM, Alexander V. Chernikov wrote:
Old kernel from previous letters, same setup:
net.inet.ip.fw.enable=0
2.3 MPPS
net.inet.ip.fw.update_counters=0
net.inet.ip.fw.enable=1
1.93MPPS
net.inet.ip.fw.update_counters=1
1.74MPPS
Kernel with ipfw pcpu counters:
net.inet.ip.fw.enable=0
2.3 MPPS
net.inet.ip.fw.update_counters=0
net.inet.ip.fw.enable=1
1.93MPPS
net.inet.ip.fw.update_counters=1
1.93MPPS
Counters seems to be working without any (significant) overhead.
(Maybe I'm wrong somewhere?)
Additionally, I've got (from my previous pcpu attempt) a small patch permitting
ipfw to re-use rule map allocation instead of reallocating on every rule. This
saves a bit of system time:
loading 20k rules with ipfw binary gives us:
5.1s system time before and 4.1s system time after.
May be slightly off-topic, but do you have tested (or have plans to test )
with bidirectional traffic?
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
