On Wed, 10 Aug 2022 14:38:16 -0000, Stefan Butz wrote:

> this mail includes a patch to store pf rules in a red-black tree.
> Currently they are stored in a linked list.
> My system configured with 16000 rules takes about 10 minutes
> to print them out using `pfctl -sr`.
> This patch decreases the time to 4 seconds.
> I was not able to measure a time increase for rule insertion.
> Inserting a lot of labels is still very slow.
> This has to be attacked separately.

You are using the rule number 'nr' as the key for items in the tree.
However, that field can change post-insertion. Won't that
invalidate the tree order?

See pf_purge_rule() and the DIOCCHANGERULE case in pfioctl()
for examples of what I mean.

 - todd
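
The general hazard raised in the reply above, as an added example that is not part of the thread, the patch, or the pf source: when a node's key is changed in place, an ordered tree can no longer find it. The `struct rule` layout and the function names are hypothetical, and a plain unbalanced binary search tree stands in for the red-black tree, since both depend on the same key ordering.

```c
#include <stdio.h>

/* Hypothetical stand-in for a pf rule; only the key field matters here. */
struct rule {
    unsigned int nr;              /* tree key, as in the patch under discussion */
    struct rule *left, *right;
};

/* Ordered insert by nr. Unbalanced BST; an RB tree relies on the same ordering. */
static void rule_insert(struct rule **root, struct rule *r)
{
    r->left = r->right = NULL;
    while (*root != NULL)
        root = (r->nr < (*root)->nr) ? &(*root)->left : &(*root)->right;
    *root = r;
}

static struct rule *rule_find(struct rule *n, unsigned int nr)
{
    while (n != NULL && n->nr != nr)
        n = (nr < n->nr) ? n->left : n->right;
    return n;
}

/* Build five rules (constructed sample), renumber one in place, and count how
 * many are still findable by their current nr; rebuild != 0 rebuilds first. */
static int findable_after_renumber(int rebuild)
{
    static const unsigned int order[5] = { 2, 0, 4, 1, 3 };
    struct rule r[5], *root = NULL;
    int i, found = 0;
    for (i = 0; i < 5; i++) {
        r[i].nr = order[i];
        rule_insert(&root, &r[i]);
    }
    r[1].nr = 5;                  /* rule 0 renumbered; node stays left of rule 2 */
    if (rebuild)
        for (root = NULL, i = 0; i < 5; i++)
            rule_insert(&root, &r[i]);
    for (i = 0; i < 5; i++)
        found += (rule_find(root, r[i].nr) == &r[i]);
    return found;
}

int main(void)
{
    printf("in place: %d/5, rebuilt: %d/5\n", findable_after_renumber(0), findable_after_renumber(1));
    return 0;
}
```

Two lookups fail in the in-place case: the renumbered rule itself, and the rule stored beneath it, because the search now takes the wrong branch at the stale node.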