On Mon, Feb 11, 2002 at 11:26:45AM -0800, Alfred Perlstein wrote: > failing that, there's always moving it into the kernel where the perf > would most likely get better by several orders of magnitude by avoiding > copies and userspace/kernel context switching.
Of course copying the entire packet in and out for nat is very stupid. But in theory, keeping the decision making in userland would allow for easier implementation of more powerful nat tools (ex: per-flow nat load balancing, etc). Perhaps it would be more useful to retain some userland part, but only pass the layer 3/4 headers around. Or perhaps it should be entirely kernel based for simple NAT, but with a hook for a userland program that could snarf the headers and make decisions if needed/wanted. -- Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6) To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
