Home » Mailing list archives » dragonflybsd-kernel » 2008 » April » 7

Re: FairQ ALTQ for PF - Patch #2

!MAILaRCHIVE_VOTE_RePLACE
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Matthew Dillon <dillon@...>
To: <kernel@...>
Subject: Re: FairQ ALTQ for PF - Patch #2
Date: Monday, April 7, 2008 - 12:57 pm

:You will want this change, too:
:http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/contrib/pf/net/pf.c#rev1.51
:if you turn on "flags S/SA" by default.

    Done, thank you!  Initial patch set will be posted in follow-up in
    just a sec.

:Note that processing the ruleset is *really* expensive.  Keep state 
:whereever, whenever you can.  I agree that the tcp checking is a bit 
:overzealous, but not keeping state at all is not a good idea.
:
:I don't know what the most reasonable default is, but offering a way to 
:switch off the extended tcp checking is certainly a good thing.  I think 
:I will take this to FreeBSD sooner or later, but will keep conservative 
:defaults.  i.e. "flags S/SA keep state (nopickups)" in your current 
:proposed naming.
:
:-- 
:/"\  Best regards,                      | mlaier@freebsd.org
:\ /  Max Laier                          | ICQ #67774661

    Yes, I see the reasoning behind keep state.  If keep state were on
    by default, though, I think I'd want it to be pickups rather then
    no-pickups.  I just can't wrap my head around it blowing up TCP
    connections.  However, if one explicitly specified a keep state
    directive for a rule, I agree the default should be no-pickups.

						-Matt
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
Re: FairQ ALTQ for PF - Patch #2, Matthew Dillon, (Mon Apr 7, 12:57 pm)