Date: Sat, 8 May 2004 11:25:43 -0700
From: Sam Leffler <sam@errno.com>
To: Darren Reed <darrenr@hub.freebsd.org>
Cc: cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/netinet ip_fastfwd.c ip_input.c ip_var.h
Message-ID: <200405081125.43395.sam@errno.com>
In-Reply-To: <20040508152531.GA96827@hub.freebsd.org>
References: <200405061846.i46Ik3Jc060969@repoman.freebsd.org> <200405070755.36055.sam@errno.com> <20040508152531.GA96827@hub.freebsd.org>
On Saturday 08 May 2004 08:25 am, Darren Reed wrote:
> On Fri, May 07, 2004 at 07:55:36AM -0700, Sam Leffler wrote:
> > Employing a packet filter is not equivalent as it requires every packet
> > to be processed while this (effectively 7-line change) adds no new
> > overhead to the normal processing path for packets. It would be nice if
> > packet filtering were cheap enough that we could use it in this way but I
> > don't think that's the case just yet.
>
> Using that argument, is that clearance to put all of the normalization
> from pf into the various parts of the networking code (not every type of
> normalisation needs to be done on every packet but it is all useful), with
> sysctls to turn it on or off, and maybe we'll add the ability to log
> packets at various points because we don't want the overhead of BPF (it has
> to process every packet too) and that's just for starters. I'm sure I can
> think of some more, in time. How about you?

I'm sensitive to the argument about duplicating functionality but I'll repeat again I consider this change worthwhile. To require each and every system configure a packet filter to get equivalent functionality is overkill IMO and is the reason I agreed with the change. If this were useful only for machines doing packet forwarding then I'd agree that it's duplicate functionality and better handled by a packet filter that would already be present in the system. However I expected it would be used by many/most endpoint systems that weren't necessarily using a packet filter. Further, if you can argue the default setting will rarely be changed then I'd agree that it's not worth keeping, but I felt otherwise--that folks would want to change the default setting to something else.

>
> If there were a core@ for freebsd that was active, this is the kind of
> thing I'd be writing to them about, asking for it to be backed out.

Technical disputes of this sort are supposed to be passed to the TRB. I personally don't see the change as important enough to argue about--I haven't heard Andre weigh in, but I figured he'd just back it out.

Sam