Re: IPFilter issue in -current

Geoff Adams wrote:
It's conceivable I'm the only one pushing it this hard in -current.
It seemed to work just fine in netbsd-5. (Haven't tested 6 stable.)
And if you don't push this many simultaneous connections through
ipnat, the ipf_ht_node_{add,del} methods don't seem to be invoked at
all. I suspect it will be seen by more people if this code makes it
to a stable branch.

I think you are right. I'm running a 5-stable ipfilter firewall and it survives BitTorrent traffic that maxes out my 24Mb/1Mb ADSL link and takes my firewall CPU to 100% (mostly in interrupt time) and seems to be able to keep that up forever. Which reminds me, I need to see if I can work out a patch to enable interrupt mitigation for that chip. :)

I've just started migrating to 6-stable so I might give it a try sometime soon. I need to clone the current 5.x install first just in case it's flaky. I did the same going from 4 to 5.


