Date:      Wed, 27 Sep 2000 12:56:28 -0400
From:      "Patrick Bihan-Faou" <patrick@mindstep.com>
To:        <freebsd-net@freebsd.org>
Subject:   Re: natd and userland ppp
Message-ID:  <128b01c028a3$e0f903d0$040aa8c0@local.mindstep.com>
References:  <124901c02898$ca8aadc0$040aa8c0@local.mindstep.com> <Pine.BSF.4.10.10009270922150.15101-100000@InterJet.elischer.org>

Hi,


> They are both running the same NAT library, but if you use NATD then the
> packet is diverted to userland TWICE, with its
> attendant reduction in throughput and increase in latency..

This sounds like a fair reason. However it strikes me that there is quite a
bit of code duplication because of this: I know that libalias is used in
both, but you still need some support code in each one of them
(configuration elements etc.) + calling the actual aliasing code.

It seems also that some features (such as automatic holes in the firewall
and dynamic rules) are a bit tricky to get working properly with aliasing in
ppp. Now I probably missed some tricks on that side, so don't flame me
because of that last comment, educate me!



> PPP diverts packet out of the kernel once. Once it's diverted you might as
> well do the NAT on the packet. (And as I said, you'd have a lot of fun
> getting NATD synchronised with ppp. You'd have to use all sorts of
> link-up and link-down scripts.)


Well actually, with the "dynamic" option in natd, synchronizing to ppp is
really painless (or at least it looks like it is working properly). Thanks
to the magic of the routing socket. So this is hardly an argument.



> Mpd can use netgraph to do all ppp processing in the kernel to reduce
> latency even further, but it doesn't have NAT. You could however combine
> it with ipfilter's in-kernel NAT to get an all-kernel solution.
> (we need to make a netgraph NAT module but we haven't done it yet.)

A netgraph nat module seems to be the way to go... As soon as I have some
spare time (wishful thinking :) I'll look into that.



So at this point, I take it that the main reason for not using natd with ppp
is because of the increased number of context switches between userland and
kernel code.


Patrick.



