Date: Thu, 11 Mar 2010 21:19:17 +1100 (EST) From: Ian Smith <smithi@nimnet.asn.au> To: n j <nino80@gmail.com> Cc: freebsd-ipfw@freebsd.org Subject: Re: IPFIREWALL_FORWARD Message-ID: <20100311195520.W85436@sola.nimnet.asn.au> In-Reply-To: <92bcbda51003110047s717bed1bq8bb3eb787eab47f7@mail.gmail.com> References: <92bcbda51003100912k25facb5cxc9047105c91a4022@mail.gmail.com> <4B97E412.1050506@elischer.org> <4B981FE5.5090905@smartt.com> <4B9828B2.2010903@elischer.org> <92bcbda51003110047s717bed1bq8bb3eb787eab47f7@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 11 Mar 2010, n j wrote: > > A loadable module requires a coherent piece of code to implement the > > functionality, that can be put into the module. This option > > scatters tiny snippets of code throughout the exisitng > > TCP/UDP/IP/ipfw code. > > Is that just a matter of current implementation or is that 'scatter' > necessary for forward functionality? I think what Julian's saying is that adding (ipfw-specific) forwarding code to that many code paths in the stack has been deemed too expensive to have it be costing execution time when it's not being used. If 'the stack' was a monolithic thing that could be loaded as a module, then loading different builds of it may be feasible .. but it isn't :) % grep -RHi IPFIREWALL_FORWARD /sys/ to scope the job of including it. I've no idea how costly wrapping that code with sysctl tests rather than ifdefs might be - maybe worth a test? - but there's always going to be pressure to maximise packet flows .. my 2 bob, Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100311195520.W85436>