Date: Tue, 17 Dec 1996 09:44:55 +0100 (MET) From: sos@freebsd.org To: luigi@labinfo.iet.unipi.it (Luigi Rizzo) Cc: julian@whistle.com, owensc@enc.edu, wangel@wgrobez1.remote.louisville.edu, dnex@access.digex.net, current@freebsd.org, stable@freebsd.org Subject: Re: IP masquerading (for a LAN, _not_ PPP) Message-ID: <199612170844.JAA18610@ravenock.cybercity.dk> In-Reply-To: <199612170613.HAA03735@labinfo.iet.unipi.it> from Luigi Rizzo at "Dec 17, 96 07:13:21 am"
next in thread | previous in thread | raw e-mail | index | archive | help
In reply to Luigi Rizzo who wrote:
> > FreeBSD 2.2 includes the feature "DIVERT SOCKETS"
> > these can be used in conjunction with the ipfw code to
> > create a translation feature.
> >
> > Use the 'divert' keyword with the Ipfw to divert a packet to
> > a 'divert socket' that is openned by the translation daemon.
> > the daemon monitors incoming packets and 'fiddles' the headers
> > accordingly.
>
> isn't it a bit expensive ? I mean, do all the packet go to userland
> where the daemon modifies them and then back to the kernel ? If this is
> the situation, it sounds like a significant overhead per packet, so you
> only want to do it at the slow side of a router.
Exactly, thats why I did it in the kernel :)
I've mesured the overhead long ago when I started this, and on my
rusty old 25Mhz 386SX this works just dandy with 10MBps and
multiple connections with kernel resident code. I tried a
couple of simple attempts on a userland implementation, but
it bailed out on ~100Kbps...
(And for those wanting it, its not releasable, sorry)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Søren Schmidt (sos@FreeBSD.org) FreeBSD Core Team
Even more code to hack -- will it ever end
..
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199612170844.JAA18610>