From owner-cvs-all@FreeBSD.ORG  Sat May  8 08:25:31 2004
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 680)
	id 2B07116A4CF; Sat,  8 May 2004 08:25:31 -0700 (PDT)
Date: Sat, 8 May 2004 08:25:31 -0700
From: Darren Reed <darrenr@hub.freebsd.org>
To: Sam Leffler <sam@errno.com>
Message-ID: <20040508152531.GA96827@hub.freebsd.org>
References: <200405061846.i46Ik3Jc060969@repoman.freebsd.org>
	<20040506185854.GB1777@madman.celabo.org>
	<20040507072031.GA48708@hub.freebsd.org> <200405070755.36055.sam@errno.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200405070755.36055.sam@errno.com>
User-Agent: Mutt/1.4.1i
cc: "Jacques A. Vidrine" <nectar@FreeBSD.org>
cc: cvs-src@FreeBSD.org
cc: src-committers@FreeBSD.org
cc: Andre Oppermann <andre@FreeBSD.org>
cc: cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/netinet ip_fastfwd.c ip_input.c ip_var.h
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 08 May 2004 15:25:31 -0000

On Fri, May 07, 2004 at 07:55:36AM -0700, Sam Leffler wrote:
> 
> Employing a packet filter is not equivalent as it requires every packet to be 
> processed while this (effectively 7-line change) adds no new overhead to the 
> normal processing path for packets.  It would be nice if packet filtering 
> were cheap enough that we could use it in this way but I don't think that's 
> the case just yet.

Using that argument, is that clearance to put all of the normalization
from pf into the various parts of the networking code (not every type of
normalisation needs to be done on every packet but it is all useful), with
sysctls to turn it on or off, and maybe we'll add the ability to log packets
at various points because we don't want the overhead of BPF (it has to
process every packet too) and that's just for starters.  I'm sure I can
think of some more, in time.  How about you?

If there were a core@ for freebsd that was active, this is the kind of
thing I'd be writing to them about, asking for it to be backed out.

Darren