Contributed by jose on from the performance-analysis dept.
"Daniel Hartmeier did a presentation about PF at Usenix 2002 : Design and Performance of the OpenBSD Stateful Packet Filter ( html , PDF , slides ).I saw a preview copy of this paper, but I had to miss Usenix Tech this year. Well worth the reading.
In summary, iptables perform the best for stateless rules and pf performs the best when using stateful filtering. "
(Comments are closed)
By Not Really Anonymous () on
I can't wait for the load-balancing and authentication papers.
...
By Christopher Hylarides () hylaride@sheridanc.on.ca on mailto:hylaride@sheridanc.on.ca
By Anonymous Coward () on
talks about hybrid kernel/userland threading system being developped for NetBSD.
The intro of the paper was (for non-coder me) really helpful in understanding more what threading is all about.
Does anyone knows what's the status with UBC ? I saw art's synching it with -current recently, but that's about it. Is it planned for 3.2 ?
By Anonymous Coward () on
By Anonymous Coward () on
As you read the paper, you see questions raised about performance but no answers proffered about performance - except for the obvious reference to the O(log n) graph. This suggests that either the paper was rushed or the author wasn't very thorough in their investigations and analysis. Why does the graph which starts out at O(log n) eventually descend at O(n), for example ?
Perhaps the most interesting outcome of this paper is it supports the idea of using trees for state (over hashing) but of what benefit is the "skip steps"?
I wonder how FreeBSD feels about being left out. ipfw has a mix of capabilities and is faster than ipf, but is it faster than pf?