impact of disabling firewall on performance?
Luigi Rizzo
rizzo at iet.unipi.it
Wed Sep 18 14:27:10 UTC 2013
On Wed, Sep 18, 2013 at 4:19 PM, Ian Smith <smithi at nimnet.asn.au> wrote:
> On Wed, 18 Sep 2013 11:18:38 +0200, Luigi Rizzo wrote:
>
> > unloading or disabling the firewall with a sysctl is likely
> > exactly the same in terms of performance -- it's just
> > something like
> >
> > if (firewall_loaded || firewall_enabled) {
> >     invoke_firewall(...);
> > }
>
>
> Not && ?
>
you are correct. thanks for the spanking, too :)
(i sent the email at 4am and i will be surprised
if this is the only mistake in my message...)
cheers
luigi
>
> Either way, unloading the module/s couldn't gain any performance.
>
> > However, executing the firewall with a single pass rule consumes
> > some significant amount of time, see
> > http://info.iet.unipi.it/~luigi/papers/20091201-dummynet.pdf
> > (those numbers are from 2009 and i measured about 400ns;
> > recent measurements with ipfw-over-netmap on a fast i7
> > give about 100ns per packet).
> >
> > This is definitely measurable.
>
> Thanks for the spanking, and a second browsing of Dummynet Revisited.
>
> cheers, Ian
>
--
-----------------------------------------+-------------------------------
Prof. Luigi RIZZO, rizzo at iet.unipi.it . Dip. di Ing. dell'Informazione
http://www.iet.unipi.it/~luigi/ . Universita` di Pisa
TEL +39-050-2211611 . via Diotisalvi 2
Mobile +39-338-6809875 . 56122 PISA (Italy)
-----------------------------------------+-------------------------------