On 19.10.2012 16:02, Andre Oppermann wrote:>> http://people.freebsd.org/~ae/pfil_forward.diff >> >> Also we have done some tests with the ixia traffic generator connected >> via 10G network adapter. Tests have show that there is no visible >> difference, and there is no visible performance degradation. >> >> Any objections? > > No objection as such. However I don't entirely agree with the > naming of pfil_forward. The functionality is specific to IPFW > and TCP, it's doing transparent interjected termination of tcp > connections on the local host while keeping the original IP > addresses and port numbers visible in netstat output. > > So it's a feature of IPFW/IP and should be fitted in there for > sysctl name and .h files instead of pfil.
Actually it can be used not only by ipfw. We already have net.inet.ip.forwarding and net.inet6.ip6.forwarding variables, and placing it into net.inet.ip.fw is undesirable, because we can have kernel without ipfw. So, i decided to choose pfil, because it could not work without pfil. -- WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
