From owner-freebsd-net@FreeBSD.ORG Mon Oct 23 19:26:45 2006 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2614316A40F for ; Mon, 23 Oct 2006 19:26:45 +0000 (UTC) (envelope-from rizzo@icir.org) Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8C26143D64 for ; Mon, 23 Oct 2006 19:26:40 +0000 (GMT) (envelope-from rizzo@icir.org) Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.11/8.13.6) with ESMTP id k9NJQak2089662; Mon, 23 Oct 2006 12:26:36 -0700 (PDT) (envelope-from rizzo@xorpc.icir.org) Received: (from rizzo@localhost) by xorpc.icir.org (8.12.11/8.12.3/Submit) id k9NJQax9089661; Mon, 23 Oct 2006 12:26:36 -0700 (PDT) (envelope-from rizzo) Date: Mon, 23 Oct 2006 12:26:36 -0700 From: Luigi Rizzo To: Brett Glass Message-ID: <20061023122636.B89538@xorpc.icir.org> References: <200610210648.AAA01737@lariat.net> <453AEA86.4070103@elischer.org> <200610220414.WAA15541@lariat.net> <453AF1BB.7070507@elischer.org> <200610231850.MAA12253@lariat.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <200610231850.MAA12253@lariat.net>; from brett@lariat.net on Mon, Oct 23, 2006 at 12:50:05PM -0600 Cc: Julian Elischer , net@freebsd.org Subject: Re: Avoiding natd overhead X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Oct 2006 19:26:45 -0000 On Mon, Oct 23, 2006 at 12:50:05PM -0600, Brett Glass wrote: > At 10:21 PM 10/21/2006, Julian Elischer wrote: > > >OR in 7.0 you can call netgraph directly > > > >there is a netgraph keyword in ipfw. > > I just took a look at that. Could work, except that the ng_nat > Netgraph node only does very basic NAT. One can't do static NAT, > and none of natd's other options are accessible. there is another part of paolo's work that adds the 'nat' keyword to ipfw. Even if not merged, i think it is available as a patch, right paolo ? > Whilst perusing the code, I also noticed that libalias expects all > packets to be in a single contiguous buffer. This means that ng_nat > doesn't get rid of one of the big inefficiencies involved in the > use of natd: the need to make a copy of the mbuf chain containing the copy may have been a problem 20 or even 10 years ago. These days, with huge memory bandwidths and because of the effect of burst access to memory, i would be surprised if the memcopy overhead were anything significant. Yes, you trash the cache a bit, but on the other hand you bring early in-cache the fields you need to inspect. The real performance issue with divert is the system call. Next, I'd also check if there is a scalability issue related to inefficient data structures. cheers luigi > the packet to ensure contiguity. (This is an issue with anything > that uses divert sockets, but it creeps in with ng_nat as well due > to the way libalias is coded.) Using a Netgraph node would help > with the ring transition, though, so there should be some savings. > Has the "netgraph" keyword been MFCed? > > --Brett Glass > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"