From owner-freebsd-net@FreeBSD.ORG Tue Dec 27 14:18:20 2011 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C57621065670 for ; Tue, 27 Dec 2011 14:18:20 +0000 (UTC) (envelope-from ptyll@nitronet.pl) Received: from mail.nitronet.pl (smtp.nitronet.pl [195.90.106.27]) by mx1.freebsd.org (Postfix) with ESMTP id 7FA738FC15 for ; Tue, 27 Dec 2011 14:18:20 +0000 (UTC) Received: from mailnull by mail.nitronet.pl with virscan (Exim 4.76 (FreeBSD)) (envelope-from ) id 1RfXr9-0006Pr-J8 for freebsd-net@freebsd.org; Tue, 27 Dec 2011 15:18:19 +0100 Date: Tue, 27 Dec 2011 15:18:04 +0100 From: Pawel Tyll X-Priority: 3 (Normal) Message-ID: <143974317.20111227151804@nitronet.pl> To: Luigi Rizzo In-Reply-To: <20111227142600.GA65456@onelab2.iet.unipi.it> References: <1498545030.20111227015431@nitronet.pl> <4EF9ADBC.8090402@FreeBSD.org> <623366116.20111227150047@nitronet.pl> <20111227142600.GA65456@onelab2.iet.unipi.it> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Nitronet.pl X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: ptyll@nitronet.pl X-SA-Exim-Scanned: No (on mail.nitronet.pl); SAEximRunCond expanded to false Cc: freebsd-ipfw@freebsd.org, "Alexander V. Chernikov" , freebsd-net@freebsd.org Subject: Re: Firewall Profiling. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Dec 2011 14:18:20 -0000 > plans, yes - not sure how long it will take. I have compiled > ipfw+dummynet as a standalone module (outside the kernel) > but have not yet hooked the code to netmap to figure out how fast > it can run. If I understand correctly, this would require netmap to catch every packet from interfaces that would be firewalled/routed using ipfw, and then during processing determine if packet is destined for local host or network and write it out to host kernel for normal processing or quickly write it out to some destination OS? In other words, userland routing engine using netmap? :)