[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf(4) schemantics



On Thu, 20 Mar 2003 23:16:10 +0100, Srebrenko Sehic wrote:
> On Thu, Mar 20, 2003 at 02:49:37PM -0700, [email protected] wrote:
> > > Yes, but it could be nice if one could choose, eg.
> > > set filter-policy {in, out, both} or something.
> > 
> > You can choose. Either type:
> > 
> > block out all
> > or
> > pass out all keep state
> 
> This is cosmetics. However, whouldn't we get some performance increase
> if pf(4) didn't bother looking at packets (in certain situations) going
> 'out' at all?
> 
> I assume that 'pass out all keep state' makes pf(4), at least, do a
> state lookup in the table? AFAIK, that's, in worst case scenario, 16
> searches down the binary tree? That ought to eat a few cycles.
So far everyone who has responded to you has been polite, despite your
inability to comprehend what they're telling you.  Now, in the proud
tradition of OpenBSD lusers everywhere, I will flame you:
RTFM.
RTFFAQ.
RTFRFC.
RTFS.
                                         )  (  (    (
                                         (  )  () @@  )  (( (
                                     (      (  )( @@  (  )) ) (
                                   (    (  ( ()( /---\   (()( (
     _______                            )  ) )(@ !O O! )@@  ( ) ) )
    <   ____)                      ) (  ( )( ()@ \ o / (@@@@@ ( ()( )
 /--|  |(  o|                     (  )  ) ((@@(@@ !o! @@@@(@@@@@)() (
|   >   \___|                      ) ( @)@@)@ /---\-/---\ )@@@@@()( )
|  /---------+                    (@@@@)@@@( // /-----\ \\ @@@)@@@@@(  .
| |    \ =========______/|@@@@@@@@@@@@@(@@@ // @ /---\ @ \\ @(@@@(@@@ .  .
|  \   \\=========------\|@@@@@@@@@@@@@@@@@ O @@@ /-\ @@@ O @@(@@)@@ @   .
|   \   \----+--\-)))           @@@@@@@@@@ !! @@@@ % @@@@ !! @@)@@@ .. .
|   |\______|_)))/             .    @@@@@@ !! @@ /---\ @@ !! @@(@@@ @ . .
 \__==========           *        .    @@ /MM  /\O   O/\  MM\ @@@@@@@. .
    |   |-\   \          (       .      @ !!!  !! \-/ !!  !!! @@@@@ .
    |   |  \   \          )      .     .  @@@@ !!     !!  .(. @.  .. .
    |   |   \   \        (    /   .(  . \)). ( |O  )( O! @@@@ . )      .
    |   |   /   /         ) (      )).  ((  .) !! ((( !! @@ (. ((. .   .
    |   |  /   /   ()  ))   ))   .( ( ( ) ). ( !!  )( !! ) ((   ))  ..
    |   |_<   /   ( ) ( (  ) )   (( )  )).) ((/ |  (  | \(  )) ((. ).
____<_____\\__\__(___)_))_((_(____))__(_(___.oooO_____Oooo.(_(_)_)((_
HAND, HTH.
(ASCII art courtesy of someone else)
(And, more seriously, I suggest that you read the source.  Then it should be
clear why pf works as it does.)
-- 
Kyle R. Hofmann <[email protected]>