From owner-freebsd-net Tue Feb 12 17:43:30 2002
Date: Mon, 11 Feb 2002 16:30:15 -0500
From: Richard A Steenbergen
To: Alfred Perlstein
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: squeeze more performance out of natd?
Message-ID: <20020211213015.GO90229@overlord.e-gerbil.net>
References: <20020211130512.S84750-100000@patrocles.silby.com> <20020211112645.F63886@elvis.mu.org>
In-Reply-To: <20020211112645.F63886@elvis.mu.org>

On Mon, Feb 11, 2002 at 11:26:45AM -0800, Alfred Perlstein wrote:
> failing that, there's always moving it into the kernel where the perf
> would most likely get better by several orders of magnitude by avoiding
> copies and userspace/kernel context switching.

Of course copying the entire packet in and out for nat is very stupid. But in theory, keeping the decision making in userland would allow for easier implementation of more powerful nat tools (ex: per-flow nat load balancing, etc). Perhaps it would be more useful to retain some userland part, but only pass the layer 3/4 headers around. Or perhaps it should be entirely kernel based for simple NAT, but with a hook for a userland program that could snarf the headers and make decisions if needed/wanted.

--
Richard A Steenbergen http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
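
An added illustration of the "only pass the layer 3/4 headers around" idea, not code from this message or from natd: a bounds-checked extractor that reduces an IPv4 packet to a small fixed-size record a kernel hook could hand to a userland decision maker. The names `flow_hdr`, `extract_flow` and `sample_udp` are hypothetical, and the sample packet is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size record passed to userland instead of the packet. */
struct flow_hdr {
    uint32_t src, dst;      /* IPv4 addresses, host byte order */
    uint16_t sport, dport;  /* TCP/UDP ports, 0 when not available */
    uint8_t  proto;         /* IP protocol number */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)rd16(p) << 16) | rd16(p + 2);
}

/* Returns 0 and fills *out, or -1 if the packet is malformed or truncated. */
int extract_flow(const uint8_t *pkt, size_t len, struct flow_hdr *out)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;   /* header length in bytes */
    size_t total = rd16(pkt + 2);               /* IP total length */
    if (ihl < 20 || total < ihl || total > len)
        return -1;
    memset(out, 0, sizeof(*out));
    out->proto = pkt[9];
    out->src = rd32(pkt + 12);
    out->dst = rd32(pkt + 16);
    /* Ports are present only in the first fragment of TCP (6) or UDP (17). */
    if ((out->proto == 6 || out->proto == 17) && (rd16(pkt + 6) & 0x1fff) == 0) {
        if (total < ihl + 4)
            return -1;
        out->sport = rd16(pkt + ihl);
        out->dport = rd16(pkt + ihl + 2);
    }
    return 0;
}

/* Constructed sample: UDP 192.168.1.10:1234 -> 10.0.0.1:53, no payload. */
static const uint8_t sample_udp[] = {
    0x45, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x00, 0x00, 0x40, 0x11, 0x00, 0x00,
    0xc0, 0xa8, 0x01, 0x0a, 0x0a, 0x00, 0x00, 0x01,
    0x04, 0xd2, 0x00, 0x35, 0x00, 0x08, 0x00, 0x00 };

int main(void)
{
    struct flow_hdr f;
    if (extract_flow(sample_udp, sizeof(sample_udp), &f) == 0)
        printf("proto %u sport %u dport %u\n", f.proto, f.sport, f.dport);
    return 0;
}
```

The record is 13 bytes of useful data regardless of packet size, and the length checks run before anything is handed across the kernel/userland boundary.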