Date: Sun, 16 Mar 2008 17:03:17 +0100 From: Erik Trulsson <ertr1013@student.uu.se> To: Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl> Cc: Razmig K <strontium90@gmail.com>, Dan Nelson <dnelson@allantgroup.com>, Ian Smith <smithi@nimnet.asn.au>, freebsd-questions@freebsd.org Subject: Re: IPFW with user-ppp's NAT Message-ID: <20080316160317.GA35937@owl.midgard.homeip.net> In-Reply-To: <20080316163701.B14645@wojtek.tensor.gdynia.pl> References: <Pine.BSF.3.96.1080316193840.4307A-100000@gaia.nimnet.asn.au> <20080316163701.B14645@wojtek.tensor.gdynia.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Mar 16, 2008 at 04:37:18PM +0100, Wojciech Puchar wrote: >> Frankly I'm a bit surprised that this hasn't been more widely heralded, >> as userland natd is often given as a reason to prefer other firewalls, > > what's wrong in userland natd? Performance. With userland natd, every packet that passes through natd must pass from kernel to userland (causing one context switch) and back again (causing another context switch). This will be slower and use more CPU than doing it all inside the kernel, without any context switches. -- <Insert your favourite quote here.> Erik Trulsson ertr1013@student.uu.se
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080316160317.GA35937>