[prev in list] [next in list] [prev in thread] [next in thread]
List: pfsense-dev
Subject: Re: [pfS-Dev] new patch to freebsd code - pfsense-tools, how?
From: PiBa <pba_2k3 () yahoo ! com>
Date: 2015-05-09 19:16:00
Message-ID: 554E5CF0.8030504 () yahoo ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hi Ermal,
In what regard do you expect it will not perform / affect the whole system?
For rules that do not configure a divert port only one 'if' statement is
added another is changed that both evaluate to false.
In the case that divert-reply is configured then all packets only need
to be evaluated by pf and not also by ipfw.. This might actually improve
overall speed instead of decrease it.? (admit i have not done any speed
tests..)
In any case it should simplify the required rules that are needed to
catch reply traffic from a nonlocal ip without requiring ipfw..
And would be a good step towards avoiding some of the problems caused by
that pf+ipfw combination.. https://forum.pfsense.org/index.php?topic=93365.0
Regards
PiBa
Ermal Luçi schreef op 7-5-2015 om 10:13:
> Hello Piba,
>
> the problem is that with your patch the whole system is impacted.
> The divert sockets do not deliver the performance you expect in this
> regard.
>
> On Wed, May 6, 2015 at 7:08 PM, PiBa <pba_2k3@yahoo.com
> <mailto:pba_2k3@yahoo.com>> wrote:
>
> So something like this ( https://redmine.pfsense.org/issues/3943 )
> should be oké ?
> The patch is attached here:
> https://bz-attachments.freebsd.org/attachment.cgi?id=141647
>
> If it could be applied, or commented on for needed
> changes/improvements that would be appreciated.
>
> Chris Buechler schreef op 5-5-2015 om 23:33:
>
> On Mon, May 4, 2015 at 12:30 PM, PiBa <pba_2k3@yahoo.com
> <mailto:pba_2k3@yahoo.com>> wrote:
>
> Hi dev's,
>
> What is the proper way to get a patch applied to FreeBSD
> code? And get it
> commited to pfsense-tools?
>
> You can open a bug ticket at redmine.pfsense.org
> <http://redmine.pfsense.org> describing the
> issue/reason for the patch and attach it.
> _______________________________________________
> Dev mailing list
> Dev@lists.pfsense.org <mailto:Dev@lists.pfsense.org>
> https://lists.pfsense.org/mailman/listinfo/dev
>
>
> _______________________________________________
> Dev mailing list
> Dev@lists.pfsense.org <mailto:Dev@lists.pfsense.org>
> https://lists.pfsense.org/mailman/listinfo/dev
>
>
>
>
> --
> Ermal
>
>
> _______________________________________________
> Dev mailing list
> Dev@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/dev
[Attachment #5 (text/html)]
<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hi Ermal,<br>
<br>
In what regard do you expect it will not perform / affect the
whole system?<br>
For rules that do not configure a divert port only one 'if'
statement is added another is changed that both evaluate to false.<br>
In the case that divert-reply is configured then all packets only
need to be evaluated by pf and not also by ipfw.. This might
actually improve overall speed instead of decrease it.? (admit i
have not done any speed tests..)<br>
<br>
In any case it should simplify the required rules that are needed
to catch reply traffic from a nonlocal ip without requiring ipfw..<br>
And would be a good step towards avoiding some of the problems
caused by that pf+ipfw combination..
<a class="moz-txt-link-freetext" \
href="https://forum.pfsense.org/index.php?topic=93365.0">https://forum.pfsense.org/index.php?topic=93365.0</a><br>
<br>
Regards<br>
PiBa<br>
<br>
Ermal Luçi schreef op 7-5-2015 om 10:13:<br>
</div>
<blockquote
cite="mid:CAPBZQG2CQKhShCnFdYu296vitv-m7b0T5AJn=fsrM_bY5Y6H0g@mail.gmail.com"
type="cite">
<div dir="ltr">Hello Piba,
<div><br>
</div>
<div>the problem is that with your patch the whole system is
impacted.</div>
<div>The divert sockets do not deliver the performance you
expect in this regard.</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, May 6, 2015 at 7:08 PM, PiBa <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:pba_2k3@yahoo.com" \
target="_blank">pba_2k3@yahoo.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">So
something like this ( <a moz-do-not-send="true"
href="https://redmine.pfsense.org/issues/3943">https://redmine.pfsense.org/issues/3943</a>
) should be oké ?<br>
The patch is attached here: <a moz-do-not-send="true"
href="https://bz-attachments.freebsd.org/attachment.cgi?id=141647">https://bz-attachments.freebsd.org/attachment.cgi?id=141647</a><br>
<br>
If it could be applied, or commented on for needed
changes/improvements that would be appreciated.<br>
<br>
Chris Buechler schreef op 5-5-2015 om 23:33:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
On Mon, May 4, 2015 at 12:30 PM, PiBa <<a
moz-do-not-send="true" \
href="mailto:pba_2k3@yahoo.com">pba_2k3@yahoo.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi dev's,<br>
<br>
What is the proper way to get a patch applied to FreeBSD
code? And get it<br>
commited to pfsense-tools?<br>
</blockquote>
You can open a bug ticket at <a moz-do-not-send="true"
href="http://redmine.pfsense.org">redmine.pfsense.org</a>
describing the<br>
issue/reason for the patch and attach it.<br>
_______________________________________________<br>
Dev mailing list<br>
<a moz-do-not-send="true"
href="mailto:Dev@lists.pfsense.org">Dev@lists.pfsense.org</a><br>
<a moz-do-not-send="true"
href="https://lists.pfsense.org/mailman/listinfo/dev">https://lists.pfsense.org/mailman/listinfo/dev</a><br>
<br>
</blockquote>
<br>
_______________________________________________<br>
Dev mailing list<br>
<a moz-do-not-send="true"
href="mailto:Dev@lists.pfsense.org">Dev@lists.pfsense.org</a><br>
<a moz-do-not-send="true"
href="https://lists.pfsense.org/mailman/listinfo/dev">https://lists.pfsense.org/mailman/listinfo/dev</a><br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="gmail_signature">Ermal</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Dev mailing list
<a class="moz-txt-link-abbreviated" \
href="mailto:Dev@lists.pfsense.org">Dev@lists.pfsense.org</a> <a \
class="moz-txt-link-freetext" \
href="https://lists.pfsense.org/mailman/listinfo/dev">https://lists.pfsense.org/mailman/listinfo/dev</a>
</pre>
</blockquote>
<br>
</body>
</html>
_______________________________________________
Dev mailing list
Dev@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic