DragonFly kernel List (threaded) for 2008-04
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
Re: FairQ ALTQ for PF - Patch #2
| From: | Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx> |
| Date: | Mon, 7 Apr 2008 09:57:10 -0700 (PDT) |
:You will want this change, too: :http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/contrib/pf/net/pf.c#rev1.51 :if you turn on "flags S/SA" by default. Done, thank you! Initial patch set will be posted in follow-up in just a sec. :Note that processing the ruleset is *really* expensive. Keep state :whereever, whenever you can. I agree that the tcp checking is a bit :overzealous, but not keeping state at all is not a good idea. : :I don't know what the most reasonable default is, but offering a way to :switch off the extended tcp checking is certainly a good thing. I think :I will take this to FreeBSD sooner or later, but will keep conservative :defaults. i.e. "flags S/SA keep state (nopickups)" in your current :proposed naming. : :-- :/"\ Best regards, | mlaier@freebsd.org :\ / Max Laier | ICQ #67774661 Yes, I see the reasoning behind keep state. If keep state were on by default, though, I think I'd want it to be pickups rather then no-pickups. I just can't wrap my head around it blowing up TCP connections. However, if one explicitly specified a keep state directive for a rule, I agree the default should be no-pickups. -Matt
- References:
- FairQ ALTQ for PF - Patch #2
- From: Matthew Dillon <dillon@apollo.backplane.com>
- Re: FairQ ALTQ for PF - Patch #2
- From: Cédric Berger <cedric@berger.to>
- Re: FairQ ALTQ for PF - Patch #2
- From: Matthew Dillon <dillon@apollo.backplane.com>
- Re: FairQ ALTQ for PF - Patch #2
- From: Max Laier <max@love2party.net>
- FairQ ALTQ for PF - Patch #2
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]