From owner-freebsd-net@FreeBSD.ORG  Mon Oct 23 18:50:45 2006
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: net@freebsd.org
Delivered-To: freebsd-net@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6202416A407
	for <net@freebsd.org>; Mon, 23 Oct 2006 18:50:45 +0000 (UTC)
	(envelope-from brett@lariat.net)
Received: from lariat.net (lariat.net [65.122.236.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 19BDD43DB0
	for <net@freebsd.org>; Mon, 23 Oct 2006 18:50:28 +0000 (GMT)
	(envelope-from brett@lariat.net)
Received: from anne-o1dpaayth1.lariat.org (IDENT:ppp1000.lariat.net@lariat.net
	[65.122.236.2]) by lariat.net (8.9.3/8.9.3) with ESMTP id MAA12253;
	Mon, 23 Oct 2006 12:50:12 -0600 (MDT)
Message-Id: <200610231850.MAA12253@lariat.net>
X-message-flag: Warning! Use of Microsoft Outlook renders your system
	susceptible to Internet worms.
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Mon, 23 Oct 2006 12:50:05 -0600
To: Julian Elischer <julian@elischer.org>
From: Brett Glass <brett@lariat.net>
In-Reply-To: <453AF1BB.7070507@elischer.org>
References: <200610210648.AAA01737@lariat.net> <453AEA86.4070103@elischer.org>
	<200610220414.WAA15541@lariat.net> <453AF1BB.7070507@elischer.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed;
	x-avg-checked=avg-ok-81811ED
Cc: net@freebsd.org
Subject: Re: Avoiding natd overhead
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Oct 2006 18:50:45 -0000

At 10:21 PM 10/21/2006, Julian Elischer wrote:

>OR in 7.0 you can call netgraph directly
>
>there is a netgraph keyword in ipfw.

I just took a look at that. Could work, except that the ng_nat 
Netgraph node only does very basic NAT. One can't do static NAT, 
and none of natd's other options are accessible.

Whilst perusing the code, I also noticed that libalias expects all 
packets to be in a single contiguous buffer. This means that ng_nat 
doesn't get rid of one of the big inefficiencies involved in the 
use of natd: the need to make a copy of the mbuf chain containing 
the packet to ensure contiguity. (This is an issue with anything 
that uses divert sockets, but it creeps in with ng_nat as well due 
to the way libalias is coded.) Using a Netgraph node would help 
with the ring transition, though, so there should be some savings. 
Has the "netgraph" keyword been MFCed?

--Brett Glass