At 10:21 PM 10/21/2006, Julian Elischer wrote:
OR in 7.0 you can call netgraph directly
there is a netgraph keyword in ipfw.
I just took a look at that. Could work, except that the ng_nat
Netgraph node only does very basic NAT. One can't do static NAT,
and none of natd's other options are accessible.
Whilst perusing the code, I also noticed that libalias expects all
packets to be in a single contiguous buffer. This means that ng_nat
doesn't get rid of one of the big inefficiencies involved in the
use of natd: the need to make a copy of the mbuf chain containing
the packet to ensure contiguity. (This is an issue with anything
that uses divert sockets, but it creeps in with ng_nat as well due
to the way libalias is coded.) Using a Netgraph node would help
with the ring transition, though, so there should be some savings.
Has the "netgraph" keyword been MFCed?
--Brett Glass
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
