From: "Matthew Emmerton"
To: "Clemens Hermann"
Cc: "BSD NET-List"
Subject: Re: natd restart
Date: Sun, 27 Jan 2002 09:55:03 -0500

> On 27.01.2002 at 02:11:30, Matthew Emmerton wrote:
>
> Hi Matt,
>
> > Here's the patch that I wrote some time ago.
>
> thanks a lot!
> Did you send-pr the patch? It seems quite necessary to be added.

Not yet. One of the things that I don't like about this patch is that old rules still stay around (re-reading the configuration will only modify existing rules and add new rules.)

I'm also taking a lot of flak on my side of the fence since NAT runs as a userland process, so every packet gets copied between the kernel and userland twice (once on the way in, once on the way out.) Apparently Linux doesn't do this.

I'm looking at making natd into a kernel option ("options IPNAT") and using a combination of sysctls and a front-end program to manage how nat operates, much like "options IPFIREWALL" and ipfw works today. This (in my mind) should greatly enhance the throughput of FreeBSD's NAT and keep those Linux people from bashing us (or me, at least.)

--
Matt Emmerton