Re: postscreen-policy (was: Feature request for postscreen: "defer")

2018-01-19 Thread Wietse Venema
Patrick Ben Koetter: > * Wietse Venema : > > Patrick Ben Koetter: > > > * Wietse Venema : > > > > Wietse Venema: > > > > > Unlike DNS lookups, the access map lookup is a blocking operation, > > > > > and if your tcp map takes 80ms to complete (a typical trans-atlantic > > > > > query), then you can

Re: postscreen-policy (was: Feature request for postscreen: "defer")

2018-01-19 Thread Patrick Ben Koetter
* Wietse Venema : > Patrick Ben Koetter: > > * Wietse Venema : > > > Wietse Venema: > > > > Unlike DNS lookups, the access map lookup is a blocking operation, > > > > and if your tcp map takes 80ms to complete (a typical trans-atlantic > > > > query), then you can handle only 12 connections per sec

Re: Feature request for postscreen: "defer"

2016-09-13 Thread Christian Rößner
> Am 14.09.2016 um 07:50 schrieb Christian Rößner > : > >> Am 13.09.2016 um 19:00 schrieb Wietse Venema : >> >> Christian Ro??ner: Am 13.09.2016 um 18:09 schrieb Wietse Venema : Christian Ro??ner: > Is there some chance that postscreen could be extended to also have > "

Re: Feature request for postscreen: "defer"

2016-09-13 Thread Christian Rößner
> Am 13.09.2016 um 19:00 schrieb Wietse Venema : > > Christian Ro??ner: >>> Am 13.09.2016 um 18:09 schrieb Wietse Venema : >>> >>> Christian Ro??ner: Is there some chance that postscreen could be extended to also have "defer"? >>> >>> That is a good question, but you might want to ask

Re: postscreen-policy (was: Feature request for postscreen: "defer")

2016-09-13 Thread Wietse Venema
Patrick Ben Koetter: > * Wietse Venema : > > Wietse Venema: > > > Unlike DNS lookups, the access map lookup is a blocking operation, > > > and if your tcp map takes 80ms to complete (a typical trans-atlantic > > > query), then you can handle only 12 connections per second, and > > > make postsceen

Re: postscreen-policy (was: Feature request for postscreen: "defer")

2016-09-13 Thread Patrick Ben Koetter
* Wietse Venema : > Wietse Venema: > > Unlike DNS lookups, the access map lookup is a blocking operation, > > and if your tcp map takes 80ms to complete (a typical trans-atlantic > > query), then you can handle only 12 connections per second, and > > make postsceen the largest performance bottlenec

postscreen-policy (was: Feature request for postscreen: "defer")

2016-09-13 Thread Wietse Venema
Wietse Venema: > Unlike DNS lookups, the access map lookup is a blocking operation, > and if your tcp map takes 80ms to complete (a typical trans-atlantic > query), then you can handle only 12 connections per second, and > make postsceen the largest performance bottleneck on the system. After star

Re: Feature request for postscreen: "defer"

2016-09-13 Thread Wietse Venema
Christian Ro??ner: > > Am 13.09.2016 um 18:09 schrieb Wietse Venema : > > > > Christian Ro??ner: > >> Is there some chance that postscreen could be extended to also have > >> "defer"? > > > > That is a good question, but you might want to ask that in a thread > > that isn't about socketmaps. >

Feature request for postscreen: "defer"

2016-09-13 Thread Christian Rößner
> Am 13.09.2016 um 18:09 schrieb Wietse Venema : > > Christian Ro??ner: >> Is there some chance that postscreen could be extended to also have "defer"? > > That is a good question, but you might want to ask that in a thread > that isn't about socketmaps. You are totally right. I created a new th