From owner-freebsd-net@FreeBSD.ORG Tue Mar 8 20:19:59 2005 Return-Path: <owner-freebsd-net@FreeBSD.ORG> Delivered-To: freebsd-net@www.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 965EB16A4CE for <freebsd-net@www.freebsd.org>; Tue, 8 Mar 2005 20:19:59 +0000 (GMT) Received: from mail.sbb.co.yu (mail.sbb.co.yu [82.117.194.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id DF45543D2F for <freebsd-net@www.freebsd.org>; Tue, 8 Mar 2005 20:19:58 +0000 (GMT) (envelope-from ggajic@mail.sbb.co.yu) Received: from mail.sbb.co.yu (mail.sbb.co.yu [192.168.1.2] (may be forged)) by mail.sbb.co.yu (8.13.3/8.13.3) with ESMTP id j28KJvxn024794 for <freebsd-net@lists.freebsd.org>; Tue, 8 Mar 2005 21:19:57 +0100 (CET) Date: Tue, 8 Mar 2005 21:19:57 +0100 (CET) From: Goran Gajic <ggajic@mail.sbb.co.yu> To: freebsd-net@www.freebsd.org Message-ID: <Pine.BSF.4.62.0503082118370.17320@mail.sbb.co.yu> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-SBB-MailScanner-Information: Please contact the ISP for more information X-SBB-MailScanner: Found to be clean X-MailScanner-From: ggajic@mail.sbb.co.yu Subject: Re: ipfilter 4.1.6 won't build on FreeBSD5.3 amd64 (fwd) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org> List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>, <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net> List-Post: <mailto:freebsd-net@freebsd.org> List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help> List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>, <mailto:freebsd-net-request@freebsd.org?subject=subscribe> X-List-Received-Date: Tue, 08 Mar 2005 20:19:59 -0000 Actually I was interested if Dual Opteron with FBSD5.3 can compare with Cisco7206 with NPE-G1 running only for NAT purpose of some 7000 hosts (and sadly more then ~80k pps can easly bring it down and no one can comfirm that 7206 with NPE-G1 can actually process 1M pps:). Ipfilter that is included in FreeBSD 5.3 is an old 3.4.35, I was not satisifed with its performance so I thoght that since ipf 4.1.6 is newer and has some new features maybe it can better cope with high NAT traffic. Unfortunately it won't compile cleanly on FBSD5.3-amd64 without supplied patch. I have compiled it with #define LARGE_NAT but so far I have tested it - only on few machines on local LAN and it works fine and I'm sure I will try it on live network with high traffic load :) Regards, gg. On Tue, 8 Mar 2005, David O'Brien wrote: > On Tue, Mar 08, 2005 at 03:12:22PM +0100, Goran Gajic wrote: >> >> >> Here is diff that makes ipfilter 4.1.6 able to compile on amd64 >> as kernel option IPFILTER: > > We don't seem to have version 4.1.6 in /usr/src/sys. > Does this apply to a port? > > -- > -- David (obrien@FreeBSD.org) >