Date:      Sun, 27 Jan 2002 09:55:03 -0500
From:      "Matthew Emmerton" <matt@gsicomp.on.ca>
To:        "Clemens Hermann" <haribeau@gmx.de>
Cc:        "BSD NET-List" <freebsd-net@FreeBSD.ORG>
Subject:   Re: natd restart
Message-ID:  <00b501c1a742$9a89d950$1200a8c0@gsicomp.on.ca>
References:  <Pine.BSF.4.21.0201270011300.6340-100000@cody.jharris.com> <003c01c1a701$da5209e0$1200a8c0@gsicomp.on.ca> <20020127101854.B267@idefix.local>

> On 27.01.2002 at 02:11:30, Matthew Emmerton wrote:
>
> Hi Matt,
>
> > Here's the patch that I wrote some time ago.
>
> thanks a lot!
> Did you send-pr the patch? It seems quite necessary to be added.

Not yet.  One of the things that I don't like about this patch is that old
rules still stay around (re-reading the configuration will only modify
existing rules and add new rules.)  I'm also taking a lot of flak on my side
of the fence since NAT runs as a userland process, so every packet gets
copied between the kernel and userland twice (once on the way in, once on
the way out.)  Apparently Linux doesn't do this.

I'm looking at making natd into a kernel option ("options IPNAT") and using
a combination of sysctls and a front-end program to manage how nat operates,
much like "options IPFIREWALL" and ipfw works today.

This (in my mind) should greatly enhance the throughput of FreeBSD's NAT and
keep those Linux people from bashing us (or me, at least.)

--
Matt Emmerton

