No subject

Unknown Unknown
Tue Feb 22 00:33:23 PST 2011

y=ZG at> <4D3ADD81.8040007 at> <20110221135706.GD59767 at>
From: Chris Turner <c.turner at>
Subject: Re: Time to let go of ipfilter
Date: Tue, 22 Feb 2011 02:20:59 -0600
List-Post: <mailto:kernel at>
List-Subscribe: <mailto:kernel-request at>
List-Unsubscribe: <mailto:kernel-request at>
List-Help: <mailto:kernel-request at>
List-Owner: <mailto:owner-kernel at>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
In-Reply-To: <20110221135706.GD59767 at>
Sender: kernel-errors at
Errors-To: kernel-errors at
Lines: 15
X-Trace: 1298363700 936
Xref: dragonfly.kernel:14908

On 02/21/11 07:57, Atte Peltomäki wrote:

> PF is simply too slow. It does have good functionality and it's easy to
> use, but it doesn't scale beyond small/medium networks. I stress-tested
> it some time ago and OpenBSD/pf could get a combined throughput of
> around 1.6Gbps. FreeBSD/pf got a little better, but not so that it would
> really mean much.

What was the max {memory,pci,processor} bandwitdth on the machine under 

Have you stress tested NPF?

More information about the Kernel mailing list