Date: Sun, 09 Jan 2000 15:58:03 +1100
From: james <death@southcom.com.au>
To: Luigi Rizzo <luigi@info.iet.unipi.it>
Cc: freebsd-current@FreeBSD.ORG
Subject: Re: ipf vs. ipfw
Message-ID: <4.2.2.20000109155625.00a3ff00@mail.southcom.com.au>
In-Reply-To: <200001081603.RAA10786@info.iet.unipi.it>
References: <4.2.2.20000109021927.00dba250@mail.southcom.com.au>

At 17:03 8/1/2000 +0100, Luigi Rizzo wrote:
>I think the basic rulechecking algorithms in ipf are no better/faster
>than the ones in ipfw. If you want to switch from ipfw (no natd!)
>to ipf just for performance reasons, i think you are not going to get
>any significant advantage if any (i mean, if you write your ipfw rules
>in an intelligent way.).

So far it's been a disadvantage. :( Even without any rules, ipf introduces about 50-100 microseconds latency, whereas ipfw only introduces about 25.

>For sure the pair ipf/ipnat should be faster than ipfw/natd, but
>just because natd is a user-space thing and this means additional
>data movements between kernel and user space that ipf needs not.

The only thing i use nat for is over a 56k modem. ;) So speed really isn't an issue there, but is over my LAN.

>Other reasons for the switch could be the fact that ipf is stateful
>(but i am working on adding state to ipfw, if i find proper support
>- hint, hint), so you can build better things.
>
>In other words, if you want to switch, be motivated by features, not
>by performance!

Quite, ipf has some great features. :)

Speaking of ipf, is there any reason why i shouldn't upgrade from the 3.3.3 that comes with 4.0-CURRENT, to 3.3.6? I upgraded already and haven't seen any problems - although my machine rebooted at one stage right after i typed a rule into ipnat. I couldn't reproduce it, and never found out why it rebooted. 3.3.6's speed is still as lousy as 3.3.3 too. :(

Cheers