svn commit: r251993 - in projects/pf/head/sys: net netpfil/pf

[Gleb Smirnoff]

On Fri, Jun 21, 2013 at 10:47:44AM +0200, Ermal Lu?i wrote:
E> Yeah but what makes it so hard to be runtime configurable!
E> Its just a hash mask no?

It is possible, but hard. You need to copy from old hash to new
hash, which can take long time. Blocking entire pf for this
procedure isn't a feasible option. Thus, you need to do that in
parallel with packet processing, and packet processing shouldn't
encounter state mismatches, so it should look into both hashes:
the old one and the new one. And in perfect case this shouldn't
add overhead on a normal processing.

E> dummynet already does runtime chaning as an example of components using
E> hash and runtime configurable.

Dummynet is very different.

-- 
Totus tuus, Glebius.