Date:      Sat, 8 Jan 2000 17:03:29 +0100 (CET)
From:      Luigi Rizzo <luigi@info.iet.unipi.it>
To:        james <death@southcom.com.au>
Cc:        freebsd-current@FreeBSD.ORG
Subject:   ipf vs. ipfw
Message-ID:  <200001081603.RAA10786@info.iet.unipi.it>
In-Reply-To: <4.2.2.20000109021927.00dba250@mail.southcom.com.au> from james at "Jan 9, 2000 02:26:30 am"

> Why is ipf so slow? I was planning on switching from ipfw/natd to
> ipf/ipnat, but I don't think I want to now - considering it's so darn slow.

OK, I have heard for a long time people claiming how much better ipf is than
ipfw, etc. I have briefly looked at the docs and source for ipf.

I think the basic rule-checking algorithms in ipf are no better/faster
than the ones in ipfw. If you want to switch from ipfw (no natd!)
to ipf just for performance reasons, I think you are not going to get
any significant advantage, if any (I mean, if you write your ipfw rules
in an intelligent way).

For sure the pair ipf/ipnat should be faster than ipfw/natd, but
just because natd is a user-space thing and this means additional
data movements between kernel and user space that ipf does not need.

Other reasons for the switch could be the fact that ipf is stateful
(but I am working on adding state to ipfw, if I find proper support
- hint, hint), so you can build better things.

In other words, if you want to switch, be motivated by features, not
by performance!

	cheers
	luigi

-----------------------------------+-------------------------------------
  Luigi RIZZO, luigi@iet.unipi.it  . Dip. di Ing. dell'Informazione
  http://www.iet.unipi.it/~luigi/  . Universita` di Pisa
  TEL/FAX: +39-050-568.533/522     . via Diotisalvi 2, 56126 PISA (Italy)
  Mobile   +39-347-0373137
-----------------------------------+-------------------------------------

