From owner-freebsd-security  Mon Jul 30 15: 2:17 2001
Delivered-To: freebsd-security@freebsd.org
Received: from netau1.alcanet.com.au (ntp.alcanet.com.au [203.62.196.27])
	by hub.freebsd.org (Postfix) with ESMTP id B242337B403
	for <freebsd-security@FreeBSD.ORG>; Mon, 30 Jul 2001 15:02:13 -0700 (PDT)
	(envelope-from jeremyp@gsmx07.alcatel.com.au)
Received: from mfg1.cim.alcatel.com.au (mfg1.cim.alcatel.com.au [139.188.23.1])
	by netau1.alcanet.com.au (8.9.3 (PHNE_22672)/8.9.3) with ESMTP id IAA25374;
	Tue, 31 Jul 2001 08:02:10 +1000 (EST)
Received: from gsmx07.alcatel.com.au by cim.alcatel.com.au
 (PMDF V5.2-32 #37640) with ESMTP id <01K6KNV42NY8VLW5YT@cim.alcatel.com.au>;
 Tue, 31 Jul 2001 08:02:08 +1000
Received: (from jeremyp@localhost)	by gsmx07.alcatel.com.au (8.11.1/8.11.1)
 id f6UM27083403; Tue, 31 Jul 2001 08:02:07 +1000 (EST envelope-from jeremyp)
Content-return: prohibited
Date: Tue, 31 Jul 2001 08:02:07 +1000
From: Peter Jeremy <peter.jeremy@alcatel.com.au>
Subject: Re: IPFW & natd vs ipfilter & ipnat
In-reply-to: <Pine.BSF.4.30.0107301552420.2093-100000@io.frii.com>; from
 jott@frii.net on Mon, Jul 30, 2001 at 03:52:56PM -0600
To: Jake Ott <jott@frii.net>
Cc: Mike Tancsa <mike@sentex.net>, freebsd-security@FreeBSD.ORG
Mail-Followup-To: Jake Ott <jott@frii.net>,
	Mike Tancsa <mike@sentex.net>, freebsd-security@FreeBSD.ORG
Message-id: <20010731080207.L506@gsmx07.alcatel.com.au>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-disposition: inline
User-Agent: Mutt/1.2.5i
References: <5.1.0.14.0.20010730143219.04cbbad0@marble.sentex.ca>
 <Pine.BSF.4.30.0107301552420.2093-100000@io.frii.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On 2001-Jul-30 15:52:56 -0600, Jake Ott <jott@frii.net> wrote:
>Because of CPU or because of protocol?
>
>-Jake
>
>On Mon, 30 Jul 2001, Mike Tancsa wrote:
>
>>
>> Nothing formal, but on my 486 at home, I do get about 33% better throughput
>> on NATed connections via ipnat vs. natd using DSL and PPPoE.
>>
>>          ---Mike

ipnat runs in the kernel.  natd runs in userland - every packet must
be copied from kernel to userland and back again.  This makes natd far
more CPU intensive.  If you're using userland PPP, you're better off
using the NAT in ppp(8) - this saves a kernel->userland->kernel
transition.

Peter

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message