Reloading anchors with many streams

Hey everyone,

I'm just beginning to use FreeBSD + PF, for a use-case of multiple (1000s of) UDP streams, each attached via an anchor. When I unload/flush one of these anchors (say I tear down a stream), does it affect the other streams enough to create jitter? In general, does reloading or manipulating an anchor cause the other connections to be affected negatively?

Also, design-wise is this an okay approach, where I have to bring-up/tear-down streams on the fly, and I use anchors for the purpose?

Thanks,
Manoj
 
Reloading rules does not affect existing states so changing the anchors has no effect on existing states either.
 
I see that you got a little different reply from a developer on the freebsd-pf mailing list. It's true that the rules are behind a lock (to avoid concurrency problems) and when you modify the rules the existing states in the packet filter won't have access to the rules that created the states while the rule update procedure is holding that lock. So I guess it's possible that there will be some packet loss or delayed packets at the moment you update the rules/anchors.
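To make the "one anchor per stream" design concrete, here is an added shell example (written for this thread, not code from the original posters or from the PF project). It assumes a FreeBSD host with PF enabled, root privileges, a parent anchor named `streams`, and an interface `em0` with hypothetical UDP ports; all of those are assumptions. Each stream's rules live in their own sub-anchor, bring-up and tear-down touch only that anchor's rules, and a small helper counts the states of a neighbouring stream so you can confirm the point made in the replies: existing states keep flowing while a sibling anchor is reloaded or flushed.

```shell
#!/bin/sh
# Added example for the thread above, not the posters' or PF's own code.
# Assumptions: FreeBSD with PF enabled, run as root, parent anchor "streams",
# interface "em0" and the UDP ports are hypothetical values.

# Fragment the main pf.conf needs once: evaluate every sub-anchor of "streams".
main_ruleset() {
  cat <<'EOF'
# constructed pf.conf fragment: delegate to per-stream anchors
anchor "streams/*"
EOF
}

# Rules for one stream: pass inbound UDP to its port and create state.
# $1 = stream id (used only for the anchor name), $2 = UDP port, $3 = interface.
stream_rules() {
  port=$2
  ifc=${3:-em0}
  printf 'pass in quick on %s proto udp to port %s keep state\n' "$ifc" "$port"
}

# Bring a stream up: load its rules into its own anchor streams/<id>.
# Only that anchor's rules are replaced; sibling anchors and existing
# states are left alone.
stream_up() {
  stream_rules "$1" "$2" "$3" | pfctl -a "streams/$1" -f -
}

# Tear a stream down: flush just that anchor's rules. Use -F rules here,
# not -F all or -F states: the state table is global, so flushing states
# would drop every stream's states, which is exactly the jitter the
# question worries about. States created by the flushed rules expire on
# their own once the stream stops sending.
stream_down() {
  pfctl -a "streams/$1" -F rules
}

# Count current UDP states for a port, to check that a neighbour's
# stream_up/stream_down did not disturb a stream that is still running.
# The grep pattern assumes the "pfctl -ss" output format of recent FreeBSD.
state_count() {
  pfctl -ss | grep -c "udp .*:$1 "
}
```

Usage, once the `anchor "streams/*"` line is in the main ruleset: `stream_up 1 5001`, start traffic to port 5001, note `state_count 5001`, then `stream_up 2 5002` and `stream_down 2`; the count for 5001 should be unchanged, because reloading a sibling anchor neither removes nor re-evaluates existing states.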