Date: Sat, 16 Dec 2006 12:40:44 +0300 (MSK) From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: julian@elischer.org Cc: freebsd-net@freebsd.org, bu7cher@yandex.ru, freebsd-arch@freebsd.org Subject: Re: Runtime control for the IPFIREWALL_FORWARD Message-ID: <4583BF1C.000006.25221@pantene.yandex.ru> In-Reply-To: <4583044B.4000006@elischer.org> References: <4582F021.000015.13046@webmail9.yandex.ru> <4583044B.4000006@elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
>Andrey V. Elsukov wrote:
>This introduces quite a bit of extra code into the path of IP packets.
Yes, it will add a few extra checks like a "if (pfil_forward_enabled) {...}"
>Some people are very sensitive about anything that slows down that path.
I can introduce a new kernel option - NO_PFIL_FORWARD, which will remove an
extra code from the CUSTOM kernel.
But the GENERIC kernel will be more universal with a new feature.
--
WBR, Andrey V. Elsukov
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4583BF1C.000006.25221>