Delivered-To: freebsd-hackers@freebsd.org
From: "Nicolai Petri"
Subject: A netgraph firewall module? Is this possible / good performing?
Date: Fri, 22 Jun 2001 11:23:35 +0200

Hi hackers,

I've spent some time writing a custom natd-like daemon which does some special packet processing. One of the issues with the natd approach is the large number of context switches it causes. This can be a real performance problem on very loaded networks.

Would it be possible to do this with netgraph instead? And what are the pros and cons of this approach?

As a second step in development, how should protocol verification (ftp/smtp/whatever) be added to a netgraph firewall approach in a structured and dynamically extendable way?

Best regards,
Nicolai Petri