On Sun, 24 May 2015 11:24:45 +0300, Alexander V. Chernikov wrote:
> 23.05.2015, 03:58, "hiren panchasara" :
> > On 05/21/15 at 02:05P, hiren panchasara wrote:
> >> On 05/21/15 at 12:42P, hiren panchasara wrote:
> >>> Getting back to this now to see if I can avoid ipfw on outgoing packets.
>
23.05.2015, 03:58, "hiren panchasara" :
> On 05/21/15 at 02:05P, hiren panchasara wrote:
>> On 05/21/15 at 12:42P, hiren panchasara wrote:
>>> Getting back to this now to see if I can avoid ipfw on outgoing packets.
>>>
>>> @@ -500,7 +507,7 @@ ipfw_hook(int onoff, int pf)
>>> hook_func
On 05/21/15 at 02:05P, hiren panchasara wrote:
> On 05/21/15 at 12:42P, hiren panchasara wrote:
> > Getting back to this now to see if I can avoid ipfw on outgoing packets.
> >
> > @@ -500,7 +507,7 @@ ipfw_hook(int onoff, int pf)
> > hook_func = (pf == AF_LINK) ? ipfw_check_frame : ipfw_ch
On 05/21/15 at 12:42P, hiren panchasara wrote:
> Getting back to this now to see if I can avoid ipfw on outgoing packets.
>
> @@ -500,7 +507,7 @@ ipfw_hook(int onoff, int pf)
> hook_func = (pf == AF_LINK) ? ipfw_check_frame : ipfw_check_packet;
>
> (void) (onoff ? pfil_add_hook :
Getting back to this now to see if I can avoid ipfw on outgoing packets.
@@ -500,7 +507,7 @@ ipfw_hook(int onoff, int pf)
hook_func = (pf == AF_LINK) ? ipfw_check_frame : ipfw_check_packet;
(void) (onoff ? pfil_add_hook : pfil_remove_hook)
- (hook_func, NULL, PFIL_IN |
Ian,
It's not so much the induced latency, but the CPU usage. Simply
invoking ipfw causes a noticeable amount of overhead, and with a
single rule it clocks in at 5% on the hardware in question. This
ranks ipfw_chk in as the 2nd hungriest function, just below tcp_output
in the IRQ handler threads
On Thu, 16 Apr 2015 11:41:54 +0800, Julian Elischer wrote:
> On 4/15/15 5:09 AM, hiren panchasara wrote:
> > Apologies if this is something silly but I want to completely eliminate
> > ipfw from outgoing traffic perspective. I just want to have it on
> > incoming. I can always add "allow ip fro
On 4/15/15 5:09 AM, hiren panchasara wrote:
Apologies if this is something silly but I want to completely eliminate
ipfw from outgoing traffic perspective. I just want to have it on
incoming. I can always add "allow ip from any to any out" as the first
rule but that is still ipfw doing something.
On Apr 14, 2015, at 2:09 PM, hiren panchasara
wrote:
> Apologies if this is something silly but I want to completely eliminate
> ipfw from outgoing traffic perspective. I just want to have it on
> incoming. I can always add "allow ip from any to any out" as the first
> rule but that is still ipfw
