On (09/09/2008 17:39), Ermal Luçi wrote: > On Mon, Sep 8, 2008 at 9:30 PM, Gleb Kurtsou <[EMAIL PROTECTED]> wrote: > > This summer I was working on improving layer2 filtering (my mentor is > > Andrew Thompson) as a google summer of code project. The project was > > successfully completed. [...] > Have you done any measurment on the overhead of this? > Adding tags to every packet passing might buy some overhead taking in > consideration that pf(4) already does this means double overhead for > each packet is it worth unifying this tags for filter case?! No real numbers so far. I did some benchmarking on macfw mac-ip firewall I've developed back in 2006 (should be in net@ archives). macfw itself was to hackish and to simple and also allocated mtag for every packet. I did the tests on pentium2 and pentium3 class machines with 64-256 mb of ram used as routers in 700 host ethernet network. CPU never was a bottleneck, but I've lost the results anyway.
And because of performance considerations l2tag interface flag was added, so you mtags are allocated only for packets on desired interface. Using mtag is the right way to do it, imho. Considering unifica visit this group at http://groups.google.com/group/gnome-do?hl=en -~----------~----~----~----~------~----~------~--~---
