> On 10/19/12 4:25 AM, Andrey V. Elsukov wrote: >> >> Hi All, >> >> Many years ago i have already proposed this feature, but at that time >> several people were against, because as they said, it could affect >> performance. Now, when we have high speed network adapters, SMP kernel >> and network stack, several locks acquired in the path of each packet, >> and i have an ability to test this in the lab. >> >> So, i prepared the patch, that removes IPFIREWALL_FORWARD option from >> the kernel and makes this functionality always build-in, but it is >> turned off by default and can be enabled via the sysctl(8) variable >> net.pfil.forward=1. >> >> http://people.freebsd.org/~ae/pfil_forward.diff >> >> Also we have done some tests with the ixia traffic generator connected >> via 10G network adapter. Tests have show that there is no visible >> difference, and there is no visible performance degradation. >> >> Any objections?
Just another me-too mail - this is great news! I can't really comment on the quality of the patch or the performance results as I'm neither an expert in low-level coding nor do I have a test lab to give this patch a go, but if there are no concrete objections, I really hope this goes forward. Thanks for the good work. Regards, -- Nino _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
