On Wed, May 15, 2013 at 2:04 PM, Ermal Luçi <[email protected]> wrote:
>
> On Wed, May 15, 2013 at 1:28 PM, Manoj Ganesan <[email protected]> wrote:
>
>> On Wed, May 15, 2013 at 12:06 PM, Ermal Luçi <[email protected]> wrote:
>>
>>> On Wed, May 15, 2013 at 11:31 AM, Manoj Ganesan <[email protected]> wrote:
>>>
>>>> Hey everyone,
>>>>
>>>> I'm just beginning to use FreeBSD + PF, for a use-case of multiple
>>>> (1000s of) UDP streams, each attached via an anchor. When I
>>>> unload/flush one of these anchors (say I tear down a stream), does it
>>>> affect the other streams enough to create jitter? In general, does
>>>> reloading or manipulating an anchor cause the other connections to be
>>>> affected negatively?
>>>>
>>> Well you will affect the streams since you have to grab the ruleset lock
>>> for it to add and remove rules.
>>> Anchors need to be set up as well during the same process so, yes, you
>>> will pause the other streams.
>>>
>>>> Also, design-wise is this an okay approach, where I have to
>>>> bring-up/tear-down streams on the fly, and I use anchors for the
>>>> purpose?
>>>
>>> By design that's correct, though if you can control the way you add the
>>> rules you can just avoid the anchors and just add straight rules.
>>>
>> Actually, I wanted to add rules dynamically. My understanding was that
>> using anchors was the only way to do it. Especially, because I want a
>> handle back to that rule so that I can delete it later. Is that correct?
>>
> If you do not use macros on your rules or rules that end up generating
> multiple rules you can add rules yourself.
> You can add and remove them through rules id which you can look up with
> pfctl -vv.
> If you keep reference of those rules you can just add rules with the right
> number and modify (delete) those with that number.
>

Sorry if I'm misunderstanding, but do you mean there is a way in pf (using
pfctl) to add one off rules while specifying an id or label? I couldn't
find information on that on the pfctl man page. Could you please point me
to that?

>>>> Thanks,
>>>> Manoj
>>>> _______________________________________________
>>>> [email protected] mailing list
>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>>>> To unsubscribe, send any mail to "[email protected]"
>>>>
>>>
>>> --
>>> Ermal
>>>
>>
>> Thanks!
>>
>
> --
> Ermal
>

Thanks!
Manoj
