pf no longer single-threaded

Predrag Punosevac noticed that turning on pf was slowing his machine down.  Rearranging the rules fixed a lot of it for him.  However, Matthew Dillon decided it was time to make pf work concurrently instead of in a single thread, and 24 hours later, it does.  Quick, someone benchmark this!

Posted by     Categories: Committed Code, DragonFly     6 Comments
6 Comments on pf no longer single-threaded


  1. hd says:

    Wonderful, I just read this pf thing from the mailing list last night, and this morning I git pull the src and found the update of pf, I truly believe I’m choosing the right OS and following the right people and community!

  2. Anonymous says:

    Just to be clear, does this mean that pf will perform better on DragonFly than on OpenBSD?

  3. Will pf perform better on DragonFly? The glib answer is yes.

    Here’s the boring, real answer, though:

    – Performance should be better, as DragonFly has generally fantastic network performance in general, and having pf in parallel should make it able to deal with larger workloads.

    – This is a significant change for pf, so there may be surprises lurking that nobody’s found yet. Remember this is barely 24 hours old.

    – If what you want to do with pf relies on some feature found only in OpenBSD’s version, for instance, it doesn’t matter how much faster this is – “better” is a measure of how well something meets your needs, not _necessarily_ the packets per second it can process.

    – Actual benchmarks and testing will answer the question best.

  4. Wow, nice work, Matt!

  5. Will Backman says:

    FreeBSD did similar work too. I hope this can all be merged to help prevent forking PF

  6. Will – probably too late for that to be easy. I still think a ‘pf test suite’ would be the best idea, though certainly no less difficult.