Re: IPFilter issue in -current

Subject: Re: IPFilter issue in -current
From: Mike Pumford <mpumford%black-star.demon.co.uk@localhost>
Date: Wed, 28 Nov 2012 21:57:05 +0000

Geoff Adams wrote:

It's conceivable I'm the only one pushing it this hard in -current.
It seemed to work just fine in netbsd-5. (Haven't tested 6 stable.)
And if you don't push this many simultaneous connections through
ipnat, the ipf_ht_node_{add,del} methods don't seem to be invoked at
all. I suspect it will be seen by more people if this code makes it
to a stable branch.

I think you are right. I'm running a 5-stable ipfilter firewall and itsurvives bittorrent traffic that maxes out my 24Mb/1Mb ADSL link andtakes my firewall CPU to 100% (mostly in interrupt time) and seems to beable to keep that up forever. Which reminds me I need to see if I canwork out a patch to enable interrupt mitigation for that chip. :)

I've just started migrating to 6-stable so I might give it a trysometime soon. I need to clone the current 5.x install first just incase its flaky. I did the same going from 4 to 5.


Mike

Follow-Ups:
- Re: IPFilter issue in -current
  - From: Geoff Adams

References:
- IPFilter issue in -current
  - From: Geoff Adams
- Re: IPFilter issue in -current
  - From: Christos Zoulas
- Re: IPFilter issue in -current
  - From: Geoff Adams
- Re: IPFilter issue in -current
  - From: Geoff Adams
- Re: IPFilter issue in -current
  - From: Christos Zoulas
- Re: IPFilter issue in -current
  - From: Geoff Adams

Prev by Date: Re: IPFilter issue in -current
Next by Date: daily CVS update output
Previous by Thread: Re: IPFilter issue in -current
Next by Thread: Re: IPFilter issue in -current
Indexes:

Home | Main Index | Thread Index | Old Index