Re: Runtime control for the IPFIREWALL_FORWARD



Andrey V. Elsukov wrote:
This introduces quite a bit of extra code into the path of IP packets.

Yes, it will add a few extra checks like an "if (pfil_forward_enabled) {...}".

Some people are very sensitive about anything that slows down that path.

I can introduce a new kernel option - NO_PFIL_FORWARD, which will remove the
extra code from the CUSTOM kernel.
But the GENERIC kernel will be more universal with a new feature.

--
WBR, Andrey V. Elsukov


