Reloading anchors with many streams

Ermal Luçi eri at freebsd.org
Wed May 15 19:04:44 UTC 2013


On Wed, May 15, 2013 at 1:28 PM, Manoj Ganesan <manoj.ganesan at gmail.com> wrote:

> On Wed, May 15, 2013 at 12:06 PM, Ermal Luçi <eri at freebsd.org> wrote:
>
>>
>>
>>
>> On Wed, May 15, 2013 at 11:31 AM, Manoj Ganesan <manoj.ganesan at gmail.com> wrote:
>>
>>> Hey everyone,
>>>
>>> I'm just beginning to use FreeBSD + PF, for a use-case of multiple (1000s
>>> of) UDP streams, each attached via an anchor. When I unload/flush one of
>>> these anchors (say I tear down a stream), does it affect the other
>>> streams
>>> enough to create jitter? In general, does reloading or manipulating an
>>> anchor cause the other connections to be affected negatively?
>>>
>>>
>> Well, you will affect the streams since you have to grab the ruleset lock
>> for it to add and remove rules.
>> Anchors need to be set up as well during the same process so, yes, you
>> will pause the other streams.
>>
>>
>>> Also, design-wise is this an okay approach, where I have to
>>> bring-up/tear-down streams on the fly, and I use anchors for the purpose?
>>
>>
>> By design that's correct, though if you can control the way you add the
>> rules you can just avoid the anchors and just add straight rules.
>>
>>
> Actually, I wanted to add rules dynamically. My understanding was that
> using anchors was the only way to do it. Especially, because I want a
> handle back to that rule so that I can delete it later. Is that correct?
>

If you do not use macros on your rules or rules that end up generating
multiple rules, you can add rules yourself.
You can add and remove them through the rule id, which you can look up with
pfctl -vv.
If you keep a reference to those rules you can just add rules with the right
number and modify (delete) those with that number.


>
>
>>  Thanks,
>>> Manoj
>>>
>>
>>
>>
>> --
>> Ermal
>>
>
> Thanks!
>



-- 
Ermal
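
The bookkeeping described in the reply above, as an added example that is not part of the original message: a Python sketch that indexes rule numbers from `pfctl -vv -sr` style output per UDP stream and flags streams that expanded into more than one rule. The sample output is constructed (documentation addresses, hypothetical interface `em0`), and the helper names are assumptions.

```python
import re

# Constructed sample modelled on `pfctl -vv -sr` output (not captured from a real host).
SAMPLE = """\
@0 block drop in all
  [ Evaluations: 9120      Packets: 14        Bytes: 1120        States: 0     ]
  [ Inserted: uid 0 pid 811 State Creations: 0     ]
@1 pass in quick on em0 inet proto udp from 198.51.100.7 to 192.0.2.10 port = 5004 keep state
  [ Evaluations: 9120      Packets: 88211     Bytes: 105853200   States: 1     ]
  [ Inserted: uid 0 pid 811 State Creations: 1     ]
@2 pass in quick on em0 inet proto udp from 198.51.100.9 to 192.0.2.10 port = 5006 keep state
  [ Evaluations: 4410      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 811 State Creations: 0     ]
"""

RULE_RE = re.compile(r"^@(\d+)\s+(.*)$")
COUNTER_RE = re.compile(r"(Evaluations|Packets|Bytes|States):\s*(\d+)")
STREAM_RE = re.compile(r"proto udp from (\S+) to (\S+) port = (\d+)")

def parse_rules(text):
    """Return {rule_number: {"text": rule, "counters": {...}}}."""
    rules, current = {}, None
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            current = {"text": m.group(2).strip(), "counters": {}}
            rules[int(m.group(1))] = current
        elif current is not None and line.lstrip().startswith("["):
            for key, val in COUNTER_RE.findall(line):
                current["counters"][key] = int(val)
    return rules

def index_streams(rules):
    """Map (src, dst, port) -> rule numbers; more than one number means
    the stream expanded into several rules and has no single handle."""
    index = {}
    for num, rule in sorted(rules.items()):
        m = STREAM_RE.search(rule["text"])
        if m:
            key = (m.group(1), m.group(2), int(m.group(3)))
            index.setdefault(key, []).append(num)
    return index

def idle_streams(rules):
    """Streams whose rules currently hold no states (teardown candidates)."""
    return [k for k, nums in index_streams(rules).items()
            if all(rules[n]["counters"].get("States", 0) == 0 for n in nums)]

if __name__ == "__main__":
    parsed = parse_rules(SAMPLE)
    for stream, nums in index_streams(parsed).items():
        print(stream, nums, "AMBIGUOUS" if len(nums) > 1 else "ok")
    print("idle:", idle_streams(parsed))
```

Rule numbers are positions in the loaded ruleset, so the index has to be rebuilt from fresh `pfctl -vv -sr` output after every ruleset change.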

