On Wed, 9 Oct 2002, Christopher Smith wrote:
> No, we use IPFilter (and that definitely isn't going to change any time > soon). Oh. Hm, maybe IPFilter 4.0 will be faster. <looks around for darren> What you might consider doing is profiling the kernel on your test system to see where the majority of the cpu time is going. > The rule processing can't be done on the other CPU, can it ? Am I right in > saying that at this point in time, buying a dual CPU (vs single CPU) machine > for firewalling with FreeBSD is just a waste of money ? Even if it could be done, I doubt that would be the most cost effectively solution to the problem. Try out different NICs, then move on to kernel profiling if it's still a problem. Luigi can probably comment more on this, but one thing which comes to mind is that the if_ti driver might not be updated to use the new m_getcl function Luigi added. Luigi claimed a 10% increase in forwarding speed for drivers using it, I believe. :) Mike "Silby" Silbersack To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
