From owner-freebsd-arch@FreeBSD.ORG Sat Dec 16 09:41:04 2006 Return-Path: X-Original-To: freebsd-arch@freebsd.org Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 073BF16A412; Sat, 16 Dec 2006 09:41:04 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from pantene.mail.yandex.net (pantene.mail.yandex.net [213.180.223.92]) by mx1.FreeBSD.org (Postfix) with ESMTP id 92DE643CA0; Sat, 16 Dec 2006 09:41:03 +0000 (GMT) (envelope-from bu7cher@yandex.ru) Received: from YAMAIL (pantene.yandex.ru) by mail.yandex.ru id ; Sat, 16 Dec 2006 12:40:44 +0300 Received: from [82.211.152.12] ([82.211.152.12]) by mail.yandex.ru with HTTP; Sat, 16 Dec 2006 12:40:44 +0300 (MSK) Date: Sat, 16 Dec 2006 12:40:44 +0300 (MSK) From: "Andrey V. Elsukov" Sender: bu7cher@yandex.ru Message-Id: <4583BF1C.000006.25221@pantene.yandex.ru> MIME-Version: 1.0 X-Mailer: Yamail [ http://yandex.ru ] Errors-To: bu7cher@yandex.ru To: julian@elischer.org In-Reply-To: <4583044B.4000006@elischer.org> References: <4582F021.000015.13046@webmail9.yandex.ru> <4583044B.4000006@elischer.org> X-Source-Ip: 82.211.152.12 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, bu7cher@yandex.ru, freebsd-arch@freebsd.org Subject: Re: Runtime control for the IPFIREWALL_FORWARD X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: bu7cher@yandex.ru List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Dec 2006 09:41:04 -0000 >Andrey V. Elsukov wrote: >This introduces quite a bit of extra code into the path of IP packets. Yes, it will add a few extra checks like a "if (pfil_forward_enabled) {...}" >Some people are very sensitive about anything that slows down that path. I can introduce a new kernel option - NO_PFIL_FORWARD, which will remove an extra code from the CUSTOM kernel. But the GENERIC kernel will be more universal with a new feature. -- WBR, Andrey V. Elsukov