[pf4freebsd] Version 0.62 released!
Max Laier
max at love2party.net
Wed Sep 15 20:38:03 PDT 2004
Hello,
Pyun YongHyeon and myself discussed some optimization to the current way
cksums are validated when a packet arrives in the in queue. Until now, the
cksum was validated twice. First pf_test (called from the PFIL_HOOK in
ip_input.c) validated the cksum with pf_check_proto_cksum and the kernel did
the same later in the processing queue (tcp_input.c et. al.). We reworked
pf_check_proto_cksum to flag the packet in case the checksum is valid if
not, the packet is droped anyways.
We make use of mbuf flags that usually indicate, that the cksum was
validated by hardware (bge, em, gx, lge, nge, txp, ti and xl NICs) so there
may exist problems when such a NIC is installed (even so it should not).
If you have such a NIC please get a copy of version 0.62 and check if
everything works as exspected.
This fix should give a great gain in performance when no hardware cksumming
is available and the CPU is very busy with your netio.
Max
More information about the freebsd-pf
mailing list