npf table loads slow??

To: current-users%netbsd.org@localhost
Subject: npf table loads slow??
From: Brad Spencer <brad%anduin.eldar.org@localhost>
Date: Tue, 06 Dec 2022 10:06:32 -0500

So I am experimenting with NPF, converting a small rule set from
IPF+IPPOOL to NPF with its tables.

The IPPOOL is a hash table with a bit more than 200000 ip addresses in
it.  This is auto generated from bad behavior.  Loading this with
ippool(8) takes just a couple of seconds.  Doing the same thing with
"npfctl table reload ..." takes a very long time (unknown at this point,
but maybe 1/2 hour at least) and drives the CPU to 100% while doing that
load.

Am I doing something obviously wrong??  The /etc/npf.conf file is
nothing more than this:

table <blocklist> type ipset

procedure "log" {
          log: npflog0
}

group default {
      pass in all
      pass out all

      block in from <blocklist> apply "log"
      block out to <blocklist> apply "log"
}

If a file is used in /etc/npf.conf for the blocklist the start up
(i.e. npfctl reload) hangs up driving the CPU to 100%, probably loading
the large table...




-- 
Brad Spencer - brad%anduin.eldar.org@localhost - KC8VKS - http://anduin.eldar.org

Follow-Ups:
- Re: npf table loads slow??
  - From: nia

Prev by Date: py310-pdf-parser doesn't install py_pdf_parser
Next by Date: Re: npf table loads slow??
Previous by Thread: py310-pdf-parser doesn't install py_pdf_parser
Next by Thread: Re: npf table loads slow??
Indexes:

Home | Main Index | Thread Index | Old Index