Andrew Yes, I compiled by myself using default Make file. Now I see, that PFILDEBUG was defined in there and recompiled pfil, but will test it tomorrow.
Are there any other concerns about performance issues ? Why DEBUG is defined by default and no info in README file about this ? Thank you for your advice. With best regards Martynas -----Original Message----- From: Andrew Wenlang Zhu [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 13, 2007 7:28 PM To: Buozis, Martynas Cc: [email protected] Subject: Re: pfil and network performance Do you compile IPFilter by yourself ? In many version of IPfilter source code, the Pfil Makefile set the debug flag on by default. You may check Pfil Makefile in your code to make sure PFILDEBUG is not set. E.g PFILDEBUG= It highly impacts network performance with this flag on. Andrew On Tue, 2007-02-13 at 16:08 +0100, Buozis, Martynas wrote: > Hello > > I am running IPFilter installation on Solaris 8 (Generic_117350-41). > PFIL version is 2.1.11,REV=10:54:27 11/16/06. > > We noticed, that PFIL is causing big impact to network performance even > when IPFilter is stopped (just PFIL is loaded) and no rules are present. > 2GB file copy from NFS server took 35 minutes with PFIL loaded, while > without PFIL only 3 minutes were required to copy same file. > > Can somebody advice were problem is with PFIL ? > > > With best regards > Martynas > > >
