Netgate Discussion Forum
    Understanding firewalling process

      PeterZ

      This question is likely more FreeBSD and PF related, but I have not found good documentation about it out there, so I would be happy if someone points me to some.

      A good understanding of the internal workings would help with performance tuning.

      When a packet comes from the network it is stored in the network card buffer and fetched from it on the interrupt, probably a few at a time.
      Are the packets then stored in some buffer, or are they passed to firewall filtering during interrupt handling?

      Now, when it comes to the firewalling/NATing process, what are the aspects affecting performance besides the number of rules?

      I'm honestly a bit puzzled with what I observe right now. I can see 70-80% of CPU usage reported as "Interrupt Time" vs just 1% system. This seems to show that filtering is happening in interrupt mode, or for some strange reason is counted as interrupt time for a different reason.

      On the other hand there are some 10,000 context switches per second, which means a lot of context switches are happening that would not be needed if filtering is done during interrupt handling.

      It also does not seem to match 1% of CPU usage; I'd expect a somewhat larger value for this number of switches.

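When `top` on a FreeBSD/pfSense box shows most CPU time as interrupt, the first thing to establish is which interrupt sources are actually firing, because FreeBSD accounts time spent in interrupt threads (ithreads, including NIC receive processing) as interrupt time. The script below is an added example, not part of the forum post or of pfSense; it parses the three-column layout that `vmstat -i` prints on FreeBSD (source, total count, rate per second) and ranks the sources. The `vmstat -i` output embedded in it is constructed for the example, not captured from a real system, and the NIC names (em0, em1) are assumptions.

```python
"""Rank interrupt sources from FreeBSD `vmstat -i` output.

Added example (not from the forum post). Given the text that
`vmstat -i` prints on FreeBSD, it reports which sources account for
most of the interrupt rate and how much of it is NIC traffic versus
timer ticks. Run it with no arguments to use the constructed sample,
or pipe real `vmstat -i` output into it.
"""
import re
import sys
from typing import Dict, List, Tuple

# Constructed sample in the `vmstat -i` layout; not real measurements.
SAMPLE_VMSTAT_I = """\
interrupt                          total       rate
irq1: atkbd0                          12          0
irq16: em0                     123456789       7890
irq17: em1                      98765432       6543
cpu0:timer                       4000000        999
cpu1:timer                       3999000        998
Total                          230221233      16430
"""

# One data row: a source name, then integer total and integer rate.
# The header line does not match because its last two columns are words.
LINE_RE = re.compile(r"^(?P<name>\S.*?)\s+(?P<total>\d+)\s+(?P<rate>\d+)\s*$")

Row = Tuple[str, int, int]  # (source name, total count, rate per second)


def parse_vmstat_i(text: str) -> List[Row]:
    """Parse `vmstat -i` text into rows, skipping the header and Total line."""
    rows: List[Row] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        name = m.group("name")
        if name.lower() == "total":
            continue  # summary line, not a source
        rows.append((name, int(m.group("total")), int(m.group("rate"))))
    return rows


def rank_by_rate(rows: List[Row]) -> List[Row]:
    """Busiest interrupt sources first."""
    return sorted(rows, key=lambda r: r[2], reverse=True)


def share_by_source(rows: List[Row]) -> Dict[str, float]:
    """Fraction of the summed interrupt rate attributed to each source."""
    total_rate = sum(r[2] for r in rows)
    if total_rate == 0:
        return {name: 0.0 for name, _, _ in rows}
    return {name: rate / total_rate for name, _, rate in rows}


def group_shares(rows: List[Row]) -> Dict[str, float]:
    """Split the interrupt rate into timer ticks and everything else.

    Heuristic: a source whose name contains "timer" (cpuN:timer) is the
    scheduler clock; all other sources are treated as device interrupts,
    which is where NIC receive load shows up.
    """
    total_rate = sum(r[2] for r in rows)
    timer = sum(r[2] for r in rows if "timer" in r[0].lower())
    if total_rate == 0:
        return {"timer": 0.0, "device": 0.0}
    return {"timer": timer / total_rate, "device": (total_rate - timer) / total_rate}


def report(text: str) -> str:
    """Human-readable summary of the busiest sources."""
    rows = parse_vmstat_i(text)
    shares = share_by_source(rows)
    groups = group_shares(rows)
    lines = [f"{name:<24} {rate:>8}/s  {shares[name]:6.1%}"
             for name, _, rate in rank_by_rate(rows)]
    lines.append(f"timer share: {groups['timer']:.1%}, device share: {groups['device']:.1%}")
    return "\n".join(lines)


if __name__ == "__main__":
    source = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_VMSTAT_I
    print(report(source))
```

If the device share dominates and is concentrated on the NIC queues, the interrupt time in `top` is mostly packet processing in the driver's interrupt thread; if timer ticks dominate instead, the load is elsewhere and the interrupt figure is misleading.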