Reloading anchors with many streams
Manoj Ganesan
manoj.ganesan at gmail.com
Thu May 16 11:38:28 UTC 2013
On Wed, May 15, 2013 at 2:04 PM, Ermal Luçi <eri at freebsd.org> wrote:
>
>
>
> On Wed, May 15, 2013 at 1:28 PM, Manoj Ganesan <manoj.ganesan at gmail.com> wrote:
>
>> On Wed, May 15, 2013 at 12:06 PM, Ermal Luçi <eri at freebsd.org> wrote:
>>
>>>
>>>
>>>
>>> On Wed, May 15, 2013 at 11:31 AM, Manoj Ganesan <manoj.ganesan at gmail.com> wrote:
>>>
>>>> Hey everyone,
>>>>
>>>> I'm just beginning to use FreeBSD + PF, for a use-case of multiple
>>>> (1000s of) UDP streams, each attached via an anchor. When I unload/flush
>>>> one of these anchors (say I tear down a stream), does it affect the other
>>>> streams enough to create jitter? In general, does reloading or
>>>> manipulating an anchor cause the other connections to be affected
>>>> negatively?
>>>>
>>>>
>>> Well you will affect the streams since you have to grab the ruleset lock
>>> for it to add and remove rules.
>>> Anchors need to be set up as well during the same process so, yes, you
>>> will pause the other streams.
>>>
>>>
>>>> Also, design-wise is this an okay approach, where I have to
>>>> bring-up/tear-down streams on the fly, and I use anchors for the purpose?
>>>
>>>
>>> By design that's correct, though if you can control the way you add the
>>> rules you can just avoid the anchors and just add straight rules.
>>>
>>>
>> Actually, I wanted to add rules dynamically. My understanding was that
>> using anchors was the only way to do it. Especially, because I want a
>> handle back to that rule so that I can delete it later. Is that correct?
>>
>
> If you do not use macros on your rules or rules that end up generating
> multiple rules you can add rules yourself.
> You can add and remove them through rules id which you can look up with
> pfctl -vv.
> If you keep reference of those rules you can just add rules with the right
> number and modify (delete) those with that number.
>
Sorry if I'm misunderstanding, but do you mean there is a way in pf (using
pfctl) to add one-off rules while specifying an id or label? I couldn't
find information on that on the pfctl man page. Could you please point me
to that?
>
>
>>
>>
>>> Thanks,
>>>> Manoj
>>>>
>>>
>>>
>>>
>>> --
>>> Ermal
>>>
>>
>> Thanks!
>>
>
>
>
> --
> Ermal
>
Thanks!
Manoj
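
The per-stream anchor approach discussed in this thread, as an added example (not code from either poster): one sub-anchor per stream is loaded with `pfctl -a <anchor> -f -` and torn down with `pfctl -a <anchor> -F rules`, and every value is character-checked before it reaches the rule text. The `streams/<id>` anchor path, the `anchor "streams/*"` line it assumes in the main ruleset, the function names, and the interface and addresses are assumptions; each real call still takes the ruleset lock described above.

```shell
#!/bin/sh
# Added example: one pf sub-anchor per UDP stream (names and paths are assumptions).
# Assumes the main ruleset contains:  anchor "streams/*"
# PFCTL defaults to a dry run that prints the command; set PFCTL=pfctl (as root) to apply.
PFCTL="${PFCTL:-echo pfctl}"

# Anchor name for a stream id; digits only, so the id cannot alter the anchor path.
anchor_name() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf 'streams/%s\n' "$1"
}

# Build the single pass rule for a stream: $1=iface $2=src $3=dst $4=dst port.
# Character whitelists only (not full address validation); they keep
# untrusted input from injecting extra pf syntax into the rule.
stream_rule() {
    case "$1" in ''|*[!A-Za-z0-9]*) return 1 ;; esac
    for v in "$2" "$3"; do
        case "$v" in ''|*[!0-9.]*) return 1 ;; esac
    done
    case "$4" in ''|*[!0-9]*) return 1 ;; esac
    [ "$4" -ge 1 ] && [ "$4" -le 65535 ] || return 1
    printf 'pass in quick on %s proto udp from %s to %s port %s keep state\n' \
        "$1" "$2" "$3" "$4"
}

# Load the rule into the stream's own anchor: $1=id $2=iface $3=src $4=dst $5=port.
stream_up() {
    a=$(anchor_name "$1") || return 1
    r=$(stream_rule "$2" "$3" "$4" "$5") || return 1
    $PFCTL -a "$a" -f - <<EOF
$r
EOF
}

# Flush only that stream's anchor. Existing state entries are not removed
# by a rule flush; they expire or must be killed separately.
stream_down() {
    a=$(anchor_name "$1") || return 1
    $PFCTL -a "$a" -F rules
}
```
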