Gleb Smirnoff writes on the FreeBSD PF Mailing List about a some improvements he has made to make Packet Filter (PF) SMP-scalable and faster:

“As you already may now, last half a year I’ve been working on making pf SMP-scalable and faster in general. More info can be found here:

Since that announce in June, I’ve been running experimental code for more than 2 months in production on several routers. Also, some brave people volunteered to be beta-testers and also run the experimental branch in last couple of months. Code proved to be stable enough.

The new code performs better in production: less CPU load, less jitter, more responsive system under high load. It performs better under synthetic benchmarks like random generated UDP flood. It performs much better when DoS comes in.”