
Re: pf(4) schemantics



On Thu, Mar 20, 2003 at 02:49:37PM -0700, [email protected] wrote:
> > Yes, but it could be nice if one could choose, eg.
> > set filter-policy {in, out, both} or something.
> 
> You can choose. Either type:
> 
> block out all
> or
> pass out all keep state
This is cosmetics. However, wouldn't we get some performance increase
if pf(4) didn't bother looking at packets (in certain situations) going
'out' at all?
I assume that 'pass out all keep state' makes pf(4), at least, do a
state lookup in the table? AFAIK, that's, in the worst-case scenario, 16
searches down the binary tree? That ought to eat a few cycles.