Thread: FreeBSD SMP scalable pf coming to FreeBSD HEAD
View Single Post
  #1   (View Single Post)  
Old 13th September 2012
J65nko J65nko is offline
Administrator
  
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,132
Default SMP scalable pf coming to FreeBSD HEAD
From the freebsd-pf mailing list

Code:
  Hi!

  [announce goes both to net@ and pf@, but any discussion should
   go on on pf at FreeBSD.org only, please]

  As you already may now, last half a year I've been working on
making pf SMP-scalable and faster in general. More info can be
found here:

http://lists.freebsd.org/pipermail/f...ne/006643.html
http://lists.freebsd.org/pipermail/f...ne/006662.html

  Since that announce in June, I've been running experimental code for
more than 2 months in production on several routers. Also, some brave
people volunteered to be beta-testers and also run the experimental
branch in last couple of months. Code proved to be stable enough.

  The new code performs better in production: less CPU load, less
jitter, more responsive system under high load. It performs better
under synthetic benchmarks like random generated UDP flood. It
performs much better when DoS comes in.

  Thus, I plan to merge projects/pf/head to head this weekend, and
this is a HEADS UP email! You have been warned. :)

  What I'd like to do next:

  1) Move pf out of contrib.
  2) Refactor the pfvar.h into pf.h and pf_var.h. Provide stable
     kernel<->pfctl ABI. And probably other clean up tasks.
  ...
  3) ... too far to build any plans, yet. :)

-- 
Totus tuus, Glebius.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote