cvs commit: src/sys/netinet ip_fastfwd.c ip_input.c ip_var.h

Sam Leffler sam at errno.com
Sat May 8 11:26:52 PDT 2004


On Saturday 08 May 2004 08:25 am, Darren Reed wrote:
> On Fri, May 07, 2004 at 07:55:36AM -0700, Sam Leffler wrote:
> > Employing a packet filter is not equivalent as it requires every packet
> > to be processed while this (effectively 7-line change) adds no new
> > overhead to the normal processing path for packets.  It would be nice if
> > packet filtering were cheap enough that we could use it in this way but I
> > don't think that's the case just yet.
>
> Using that argument, is that clearance to put all of the normalization
> from pf into the various parts of the networking code (not every type of
> normalisation needs to be done on every packet but it is all useful), with
> sysctls to turn it on or off, and maybe we'll add the ability to log
> packets at various points because we don't want the overhead of BPF (it has
> to process every packet too) and that's just for starters.  I'm sure I can
> think of some more, in time.  How about you?

I'm sensitive to the argument about duplicating functionality but I'll repeat 
again I consider this change worthwhile. To require each and every system 
configure a packet filter to get equivalent functionality is overkill IMO and 
is the reason I agreed with the change. If this were useful only for machines 
doing packet forwarding then I'd agree that it's duplicate functionality and 
better handled by a packet filter that would already be present in the 
system.  However I expected it would be used by many/most endpoint systems 
that weren't necessarily using a packet filter.  Further, if you can argue 
the default setting will rarely be changed then I'd agree that it's not worth 
keeping, but I felt otherwise--that folks would want to change the default 
setting to something else.
 
>
> If there were a core@ for freebsd that was active, this is the kind of
> thing I'd be writing to them about, asking for it to be backed out.

Technical disputes of this sort are supposed to be passed to the TRB.  I 
personally don't see the change as important enough to argue about--I haven't 
heard Andre weigh in, but I figured he'd just back it out.

	Sam

