You'd almost certainly be better off hacking up an extension to ipfw
which lets you count a /24 in one rule.
As in, the count rule would match on the subnet/netmask, have 256 32
(or 64 bit) integers allocated to record traffic in, and then do an
O(1) operation using the last octet of the v4 addres
speed of the user's IP, as I do? I can
> create two rules for the in / out for each user associated with a pipe? When
> simulating this with a script adding hundreds of rules, the latency also
> increases, as resolve this ?
>
> Adrian Chadd wrote:
>>
>> You'd
On Mon, Oct 04, 2010, Julian Elischer wrote:
>>> -Brandon
>> Yes, it's still required since ipfw fwd ignores layer2 frames.
>>
>> The application is the very same: squid. I mean, Lusca in fact (squid fork).
>>
>> Thank you for your interest.
>
> Cisco/Ironport have a patch that does this..
> I had
I can't help but remember when "someone" wrote an ipfw rule compiler -
ie, take ipfw ruleset, generate C code.
Maybe someone should write one and open source it this time.. :)
Adrian
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/m
On 27 December 2011 22:32, Juli Mallett wrote:
> Reloading of mbufs into DMA descriptors? mbuf allocator overhead
> itself? Interrupts. Context switches under constant heavy load.
> Some indirection in the network stack.
Keeping caches primed? Not doing lots of very-deep-stack stuff for
each
.. the idea was just to take the rules and generate a kld to load.
There's no need to overly complicate things!
Adrian
This looks mostly sensible. hm!
-a
On 13 January 2016 at 11:55, Karim Fodil-Lemelin
wrote:
> Hi,
>
> I've hit a very interesting problem with ipfw-nat and local TCP traffic that
> has enough TCP options to hit a special case in m_megapullup(). Here is the
> story:
>
> I am using the following