Mike Tancsa wrote: > Yeah I inadvertently slighted the NetBSD folks by leaving them out. So > I guess I better give them a try as well. > > The part that really surprises me is the drop in performance as firewall > rules are added to RELENG_6 and above. Both LINUX and RELENG_4 seem to > scale well with the number of rules added but RELENG_6 takes a big drop.
Wasn't there some important setting in ipfw you can tweak if you need lots of ipfw rules? Size of some hash table? Quick Googling found this: http://info.iet.unipi.it/~luigi/ip_dummynet/ and net.inet.ip.fw.dyn_buckets: 256. AFAIK the hash size needed to be tweaked manually in the code, and net.inet.ip.fw.dyn_buckets: 256 is listed as read-only so this might be it. Maybe mailing Luigi will help finding out... _______________________________________________ freebsd-performance@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-performance To unsubscribe, send any mail to "[EMAIL PROTECTED]"