Date:      Mon, 23 Oct 2006 12:50:05 -0600
From:      Brett Glass <brett@lariat.net>
To:        Julian Elischer <julian@elischer.org>
Cc:        net@freebsd.org
Subject:   Re: Avoiding natd overhead
Message-ID:  <200610231850.MAA12253@lariat.net>
In-Reply-To: <453AF1BB.7070507@elischer.org>
References:  <200610210648.AAA01737@lariat.net> <453AEA86.4070103@elischer.org> <200610220414.WAA15541@lariat.net> <453AF1BB.7070507@elischer.org>

At 10:21 PM 10/21/2006, Julian Elischer wrote:

>OR in 7.0 you can call netgraph directly
>
>there is a netgraph keyword in ipfw.

I just took a look at that. Could work, except that the ng_nat 
Netgraph node only does very basic NAT. One can't do static NAT, 
and none of natd's other options are accessible.

Whilst perusing the code, I also noticed that libalias expects all 
packets to be in a single contiguous buffer. This means that ng_nat 
doesn't get rid of one of the big inefficiencies involved in the 
use of natd: the need to make a copy of the mbuf chain containing 
the packet to ensure contiguity. (This is an issue with anything 
that uses divert sockets, but it creeps in with ng_nat as well due 
to the way libalias is coded.) Using a Netgraph node would help 
with the ring transition, though, so there should be some savings. 
Has the "netgraph" keyword been MFCed?

--Brett Glass