From: Eitan Adler
Date: Sun, 21 Oct 2012 09:44:10 -0400
Subject: Re: [RFC] Enabling IPFIREWALL_FORWARD in run-time
To: "Andrey V. Elsukov"
Cc: ipfw@freebsd.org, net@freebsd.org
In-Reply-To: <508138A4.5030901@FreeBSD.org>
List-Id: Networking and TCP/IP with FreeBSD

On 19 October 2012 07:25, Andrey V. Elsukov wrote:
> Hi All,
>
> Many years ago I have already proposed this feature, but at that time
> several people were against, because as they said, it could affect
> performance. Now, when we have high speed network adapters, SMP kernel
> and network stack, several locks acquired in the path of each packet,
> and I have an ability to test this in the lab.
>
> So, I prepared the patch, that removes IPFIREWALL_FORWARD option from
> the kernel and makes this functionality always built-in, but it is
> turned off by default and can be enabled via the sysctl(8) variable
> net.pfil.forward=1.
>
> http://people.freebsd.org/~ae/pfil_forward.diff

Please also modify man/man4/ipfirewall.4

-- 
Eitan Adler